A few hours ago, a member of the community alerted our team to a potential defect in the Compound protocol. After analyzing the report, we have confirmed that (1) there is a defect that was undetected in the audit process, (2) a potential exploit exists, (3) the potential exploit has never been used, (4) it’s necessary to temporarily disable new borrowing, to eliminate risk to users.
We’ve deployed an updated interest rate model, 0x16c2a19edbc68780dfc03708bc9021ef34db2e33, that causes new borrowing transactions to revert, while allowing all supply, withdraw, repay, and liquidate transactions. The protocol will otherwise continue to function normally — supplying assets will continue to earn interest, etc.
Our north star, and the most important metric that we judge ourselves on is safety. Over the next few days, we will evaluate how to move the protocol forward; the options include a patch, or deploying another version of the protocol.
Thank you for your support, trust, and skepticism as we work in an experimental new technology. If you have any questions, join us in Discord — we look forward to hearing from you.