Auditing Compound Protocol

The performance fee is a strong mismatch for aligning incentives here. Let’s be pessimistic, and consider that the odds of Compound suffering a giant loss in the next year are 5%. That means that if there was zero effort to improve the security of Compound, the odds of OZ getting the performance bonus would still be 95%.

On the other hand, an excellent audit, and perfect checking of all proposals through the year, might reduce the odds of a major loss to 2%. This only increases the odds of a performance bonus from 95% to 98%. That’s only a 3% change in expected payoff amount between no effort vs insane effort. It just doesn’t make sense here. Compound would be paying 4 million dollars to create $120,000 worth of incentives.
I agree that the price is surprisingly high and would love another look at it from them.
We at OUSD have had audits from Trail Of Bits, Solidified, Certora, and Open Zeppelin in the last year. Open Zeppelin would be my first pick for this audit. They did excellent, comprehensive, thorough work, and were a pleasure to work with.

I also do think that a re-audit of the current state of the code and systems would be a wonderful thing.