Hello everyone,
I wanted to follow-up on the recent proposal to list MATIC and expand on this statement:
It should be noted this asset addition has not been reviewed by Open Zeppelin. Given that MATIC is a well-established contract and the ctoken contract utilizes the current standard, there is a good precedent to support the asset addition. As usual, the proposal is to list MATIC with a 0 collateral factor. This allows Compound to onboard assets incrementally and safely.
As the proposal text says, the asset listing proposal hasn’t been reviewed by the OpenZeppelin security team. I discussed this proposal with @getty yesterday and conveyed my previous recommendation that the community wait to list new assets until OpenZeppelin could do an asset review and define a more secure listing process. However, it could be several more weeks before we have a complete plan in place for securing asset listings as we are wrapping up the Compound Protocol Audit this week.
The security risks here appear to be low for the reasons mentioned in the Proposal but I would advise the community to proceed with caution and with an understanding that integration risks are always present. As Security Advisor, I want the community to be aware of the risks in unaudited proposals so that the community can make an informed decision with the best interests of the DAO in mind.