DAI Liquidation - Compensation

I’m sorry but I feel obligated to take the unpopular position against compensation. I have great sympathy as a fellow human for those who lost money to the incident but I think compensation is a mistake for reasons that I hope I articulate clearly below.

Almost certainly manipulation by a liquidator who planned and scripted out the attack in advance.

No, but the cold truth is that in finance, this is immaterial. The impacted users should have and could have been aware of the risk, and Compound is a protocol that can be used in risky ways. Users have a responsibility to understand the protocol before they put large sums of money in it. Compound could have done a better job of educating users about these risks but ultimately, any complex financial product, whether in the crypto space or the traditional finance space, has ways to use it dangerously and it is generally impossible to protect people from their own ignorance when using complex financial products.

I certainly think that the idea of a “safe max” to borrow is ridiculous and I do blame the Compound UI for using that term as being part of the problem. There is no 100% safe amount to borrow of any product. Some amounts might be 99.99% safe, or 99.9% safe, or 99% safe, or 95% safe, and users need to evaluate this on their own if they are going to short sell a product (I know that not all protocol users realize this, but when they supply USDC and borrow DAI, then keep selling the DAI and supplying more USDC to build up the “recursive” leverage for yield farming, they are short DAI). DAI is a soft peg and short selling it has counterparty risk against MKR holders because if they mismanage DAI it could actually (as opposed to via an oracle exploit) globally reach prices well above 1 (e.g. if they fail to allow more USDC deposits into vaults once the USDC max supply is reached). Similarly, being long USDC has tail risks associated with it, e.g. if Circle somehow turned out to be engaging in fraud or had US regulatory action against them (I think this is highly unlikely but I think people should consider and understand these tail risks when they use these products).

In the other thread people have proposed switching to Chainlink oracles, which is clearly an improvement that could have prevented this specific attack, but it still doesn’t prevent all tail risks to using Compound and the idea of there being a “safe” max borrow is still a dangerous and incorrect idea in my opinion.

Sadly, I believe not. I already touched on this in my response to the previous question, but users should understand how a protocol works before using it, including the oracle and the liquidation process. I have used Compound with DAI but I am very careful about my ratios because even before this incident, if you look at the price history of DAI-USDC on Coinbase (for a long time Coinbase only had DAI-USDC but no DAI-USD, I guess because they wanted to promote USDC and force users to use it) you can see other times in the last year when the illiquid market has resulted in temporary ridiculous prices. For example the 2019-07-14 candle shows a max price of 1.35 and the 2020-03-11 candle shows a max price of 1.126, so even just pulling up the Coinbase price history would show anybody that they ought to be planning their positions around the possibility of the Coinbase-based DAI oracle printing 1.3.

In fact, I would go so far as to posit that many people who understand how the oracle works have been cautious with how they use the protocol out of fear of the exact thing that happened occurring, and that part of the reason for the apparently outsized returns offered by yield farming is that maybe you can get a 20% return with aggressive recursive yield farming, just like you can by buying junk bonds, but they also pose non-trivial chances of significant loss of your initial capital. In reality, if you see something easy that offers 20% return and it seems safe, you are almost certainly wrong. Either the return is not as high as you think or the risks are higher than you think. If Compound was safer, more people would use it until the return was pushed down to a reasonable risk-adjusted return. The only reason the return is so high on using recursive leverage for yield farming is that it is actually risky. For a while the yield farmers were taking this high risk (and I admit many of them did not realize it) and they got what appeared to be a really high ROI, and then they got burned. It makes no sense to reimburse them because these sorts of risks in a new protocol are the exact reason why more people aren’t using it yet (and once DeFi gets to the point of protecting against these risks better, more people will use it and they will push the returns down).

I think compensating the affected users sets a bad precedent because people need to understand the financial products they use and they need to take responsibility for evaluating the risks, and accept responsibility when the bad side of their risks manifests. This was not a bug in the code, it was a combination of a bad design choice (Coinbase oracle vs Chainlink) and users who didn’t DYOR by understanding the existing oracle or pulling up the Coinbase DAI price history (or inspecting the liquidity of the Coinbase DAI markets, which could have revealed that the DAI liquidity on Coinbase was small enough that this attack could be profitable for the attacker). If the affected users are compensated it will just encourage more risky behavior in the future and encourage people to use the protocol without understanding it. What if Compound compensates the users, and switches to Chainlink, but somebody figures out an attack on the Chainlink oracle? People would definitely expect compensation again but it starts to get impractical and create a slippery slope. Sure it’s unlikely, but it is ultimately the responsibility of the users to consider and evaluate these risks.

I mentioned this above too, but I strongly believe Compound should remove any terminology around a “safe max” borrow from the UI. “Safe Max” is a ridiculous and inherently flawed idea in this context because there are always multiple risks in the protocol code, the oracle code, counterparty risk from the managers of the stable coins, and many more. Users need to be responsible for understanding and evaluating these risks on their own. If you think that there is such a thing as a “safe max” borrow or a “safe” way to use Compound (Disclaimer: I am a Compound user) I highly recommend that you do not use it. There are relatively safe ways to use it, and I think many people have found ways to use it that are low risk and that most users understand these risks, but for the UI to bait people into thinking their position is “safe” because it displays as such is dangerous and will just lead to more tragedies in the future like this one.
