Keep in mind users lost more than the 8% liquidation penalty. Collateral was seized at an incorrect price.
Yes this is 100%. While some dilly dally about compensation - the truth is investors got screwed. If you don’t compensate them to some degree they will leave en masse - all investment banks compensate investors to some degree-willingly or not- when they fk them over. If there isn’t some restitution then compound as an exchange will shrivel up
No it was not fair. It was not the market price. It was an outlier that should have never been published. Further, it should have never been used to trigger liquidations or price the collateral that was being seized. In fact, Coinbase Oracle promised three layers of defense to guard against publishing prices that did not reflect market value, including off-chain filtering. All failed.
For an oracle to provide a reliable price feed it is important to address various scenarios in which a data point to be signed does not reflect an actual market price of an asset. There are three layers in the Coinbase price oracle architecture designed to solve this:
- Price source . We use the Coinbase Pro API as the source of the price data. Coinbase Pro is one of the most liquid crypto-exchanges in the world. There is already an ecosystem of oracles, market makers and traders that rely on an accurate data feed provided by the Pro API. As such, Coinbase is making continuous investments in the quality of the API itself, as well as the market, as measured by liquidity.
- Off-chain filtering . The Coinbase price oracle implements a filtering mechanism that rejects data points that significantly deviate from the expected volatility of each asset.
- On-chain filtering. Compound open oracle’s contract implements concepts of an ‘anchor’ source. Data points that significantly deviate from the last price reported by the anchor source are rejected.
No, users were specifically told by the Compound UI that 80% borrowing power was safe. Furthermore, users had every indication that the contracts had undergone audit and had been battle tested for months, and would not be subject to faulty price feeds. I don’t believe the Compound engineers were aware of this risk themselves. If the expectation is that users should understand the risks of a protocol better than the people that built it, well that is frankly preposterous. I believe the fact that there are discussions of hardening the protocol indicate that there is an admission of improper risk currently in the protocol.
I’ll admit we don’t deserve compensation, but at the same time, Compound does not deserve trust if they do not make some effort to admit fault and mitigate impact. Most if not all businesses and DeFi communities go out of their way to mitigate impact when there is a hack/exploit resulting in loss of user funds. Why would Compound buck this trend?
Take the market value for the collateral seized minus the true market value for the DAI repayment in all liquidation events (with DAI being worth 1.03). You have your answer for the loss. Whether it’s shared partially or fully repaid is up to the community.
Reserves first makes sense since that was explicitly allocated for “insurance.” COMP to fill in any any gaps makes sense as well.
No, I don’t believe it does create a new social contract that doesn’t already exist. It seems to be already implied through the setting aside of reserves as insurance, that the protocol would use its resources to mitigate the impact of an incident. I anticipate compensation would allow Compound to retain trust and users.
I would like to highlight this point. The reserves are there for a reason and this is undeniably it. We the voters are here for a reason and this is undeniably it.
The Compound protocol exists in a competitive and ever-changing DeFi space. For compound voters to choose to abstain from compensating the losses suffered by the users of the protocol, they are choosing to separate Compound from the tradition of decentralized goodwill found in the interactions between protocols and their users (see uniswap’s airdrop). Decentralized governance systems (democracies) like the one on compound, through their financial transparency, have the freedom to exercise this tradition when they are presented the opportunity to make wrongs right. Looking at other protocols that have been exploited in some way: After their users lost money due to an exploit in their protocol, Pickle created a token that tracks the losses suffered in this attack and can be burned for reimbursement dai (correct me if I’m wrong).
The oracle exploitation needs rectifying on a technical level (changing the oracle, and misleading “safe limit”) and on a financial level as well (compensation).
Let me congratulate @TWS49 for not losing money in this exploit! Speaking honestly, I appreciate your sympathy. In reading your post, I couldn’t help but notice that you devoted a plurality of your response to the description, in technical detail, of your level of care and the exhibition of your high level of knowledge and understanding of the compound protocol. I don’t believe that these particular sections of your post are helpful, and your particular trading habits and your higher level of education have no relevance to this discussion.
Boiling down @TWS49’s statement to reveal the argumentative aspects exclusively…
First: ‘the users impacted could have been aware of the risk in the first place.’ This argument has been thoroughly debunked in @cryptoguy123’s second response.
Second: ‘compound is inherently risky, therefor compensation is wrong.’ My problem with this view is that it neglects the nuance in this situation. I would love to read an answer to the following question: in what circumstance would compensation would be correct? I believe any attempt to respond to that question will reveal the shakiness of the other stance in this debate. The protocol itself has been audited 9 separate times, it’s unlikely that there exist holes in the protocol that can be exploited in a way more severe than this, therefore, as the DAI liquidation is the severest exploitation currently possible in relativity to the security level of the protocol, the exploitation should be recognized as such and should not be dismissed on the basis of inherent risk in the compound protocol. An example of an inherent risk in Compound is the risk for potential liquidation if the collateralization ratio of ones supplied ethereum drops to 75%. What is not an inherent risk is the potential for anyone who understands how flash loans work and has sufficiently large and liquid capital to exploit the users and buy their supplied ethereum for absurdly cheap and liquidate a portion of their borrowed dai.
@TWS49 also mentions that he believes that compensating the exploited users sets what he sees as “a bad president.” He goes on to say that compensation will encourage riskier behavior in the future and cause people to “use the protocol without understanding it.” But let us not leave anything implicit and revise the latter quote to be explicit to the opposition’s argument. What they are saying in actuality is that everyone who uses the Compound protocol must understand not just the protocol itself, but also educate themselves beyond a reasonable extent (as I believe I did). In addition, they must also possess an absolute galaxy brain in order to look past the user experience comforts of not only compound (see: safe limit) but also Coinbase’s branding/corporate propaganda that describes their “three layer” price oracle and exalts it as a technically robust and reliable price feed.
In my opinion, @TWS49 asks an unreasonable amount of Compound users. In addition, there exist other borrowing/lending protocols that do not require their users to go to these lengths. For example, aave uses the chainlink oracle service so that users don’t need to bother with all the trouble that @TWS49 went through.
I think conservatively of the ~$100M liquidated, 15-20% would be the financial impact, with individual users losses varying from 10%-40% depending on their collateral and LTV. I also don’t think 100% compensation would be fair to the 90% of funds (using funds % rather than user % intentionally) that weren’t affected by the Dai pricing issues.
Realistically, if we ask the community for any $dollar amount, we’re going to get the cold-hard reality of “protocol worked as expected, rules/logic were followed exactly, you assume the risk when you use the protocol.” This is all objectively true.
As for realistic compensation, this might be a bit of pipe dream, but is there any possibility for some type of B share version of Comp, where the token is worth nothing but has more voting rights. I see this as win-win. The opposition for financial compensation would never vote to pass “bail-out” of sorts, so this proposal would meet that criteria. For those affected, they aren’t in a better place financially, but encourages them to be more involved with the Compound Community and protocol upgrades/updates conversations.
Full Disclosure: I am one of the impacted address, but have accepted situation for what is is.
I respect the opinion but your arguments are completely contradictory. You claim that this oracle attack is planned but that there should be no compensation to users? In which direction do you want this project to go?
Tomorrow, a new weakness of the project may be discovered and your address will be compromised, so how will you react?
By ignoring such planned attacks, the project will lose the real users who will have to find a safer alternative.
The compromise is if the affected addresses are compensated in the COMP token. My collateral was liquidated in a ratio of 1 ETH: 377 DAI and given the obvious market manipulation, I expect to buy back Ethereum in that ratio.COMP token is worth nothing if such situations are ignored by community.
People who are against compensation for damaged addresses do not have a single valid argument for their suggestions.
The situation is very clear -
- Stablecoin volatility of 30% is unacceptable
- Stabilecoin volatility occurred at only one price discovery source
- The protocol whose users were affected was exposed to information only from that manipulated price discovery source
What you’ve laid out is all true, and I completely agree with you. Where I think we start to diverge is asking for X dollars for compensation and what actually will happen if the compensation proposal goes up to vote.
Case1 - Ask for financial compensation:
Assume impacted users control 20% of the voting power, and request 30% of losses to be compensated to impacted addresses (for sake of example we’ll say $3m). Also assume proposal goes up for vote. We potentially have 80% vote power against us, taking a look at the top 10 delegated votes some have already voiced their opinion on not compensating users. I’m very doubtful that a16z or Polychain Capital will vote in our favor. It’s an unbalanced situation.
Case2 - Ask for something that material but financially not going to impact the community or protocol directly
In my response, I was asking for vote-only shares but the objective I’m optimizing for is getting a proposal up for voting and passing. I want to be compensated somehow that is meaningful (this is up for interpretation, to you it could be financially and for me it could be bigger stake at the table). We laid out great reasons on why this shouldn’t happens and how we should improve protocol, and both sides are in agreement here. Using that momentum, we have a greater chance of convincing the 80% to vote in favor of our proposal.
I’m going to write up a longer post soon, but wanted to reply to @tacocat just to let you know you should not get too disheartened. Monetary compensation is an investment in community and the social layer of the protocol, which a firm like Andreessen Horowitz is well aware of. They think long-term and hope to get good ROI. No need to metagame yourself into despair just yet.
Someone tricked us and liquidated Ethereum at a ridiculous price. The purpose of such protocols is to automate processes while PROTECTING users. And those who are against compensation admit that the attack was planned.
If the community votes against compensation to liquidated users, it is a sign that the users’ funds on the platform are not safe and that the community doesn’t have long-term goals with the project.
What would be the next steps to move this forward though? Would it be to bring a proposal up to vote? It seems like Compound’s message is that this is all ‘up to the community’, which sounds pretty hopeless as it seems like it is out of the platform’s interest to do anything as long as the number of affected users / $ size is too small to have an impact, or if it does not impact the big stake holders.
If this is ever brought up to vote, I guess it will need to be a more general proposal of setting up an insurance fund from the reserves for incidents like this for everyone, so that it is more aligned with most people’s interests. Even with that, by nature people don’t really care until bad things happen to them; so I don’t know how attractive it is going to be.
In the end of the day, the true meaning of ‘decentralized’ and ‘community governance’ is that no one will be held accountable when things go south, but the ‘community’ doesn’t really have control as advertised either since the majority of tokens are held by a few people. Others can only rely on their “good will”, which I hope works out, but we shall see.
Excactly. It’s obvious that the original Compound team is playing the “community card”. I guess just to make sure, that they are not held accountable for the obvious wrong decision to use the open oracle with only one source. It’s interesting to read the following posting in that context:
I agree, the implementation is designed to minimize the risk of relying on Coinbase. But this doesn’t help, if Coinbase is used as the only source. Coinbase is already low risk? That’s an interesting assumption.
Compound shoud cover liquidation compensation in similar way as Aave v2 in safety module (Aave token are used in this way and staked to 10% per year)
I agree, the solution is actually very simple. COMP will end up in the hands of users who keep their funds in the protocol.
We should raise a vote to the DAO
I’m not sure why you all are making the assumption that “everyone who got liquidated deserved it because they were yield farming and dumping the COMP”
I was not, but unfortunately I got liquidated and I don’t have enough COMP to raise a vote.
Compound is not only for “whales”, everyone should feel safe using the platform and be able to know that in the event that it doesn’t work as designed and is manipulated into liquidating users at a ridiculous premium, that they have users’ backs.
Compound has been successful because of how simple it is to use, you deposit one asset, borrow Compound’s “safe max” of some other asset, and that’s it. The UI is very clean, and it appears safe. On the surface it seems to accurately be using the price of assets in the general market.
Compound totally dropped the ball here (it’s not a “safe max” if it’s set at 80% for every asset, and it’s definitely not safe if you can get liquidated borrowing a safe max amount of one stablecoin against another).
In the long term interest of the platform’s success, compensating users who were unfairly liquidated due to a price oracle attack seems a small price to pay. For those of you hoarding your COMP and refusing to support a vote to help any affected users, not supporting the community is going to dramatically reduce the value of your COMP in the long run. Once people realize Compound is selfish and doesn’t support their community, people are going to leave. And that’s not going to do well for anyone with a vested interest in the long term success of the platform.
Paying affected users from the insurance fund or from the treasury reserves can only have a positive long term impact. And it needs to happen if Compound wants to maintain the trust and market leader reputation that it had before this event took place.
I think you missed something or just fail to reply to the right person.
I am liquidated in “DAI liquidation event” and of course I think that is not my fault in risk management. It is a clear manipulation of the centralized price discovery source with frontrunning elements.
Where you find this: “because they were yield farming and dumping the COMP”?
Maybe you got it in the wrong context.
I personally use Compound to save cryptocurrencies while remaining liquid in business.
It’s just not clear to me what kind of benefits Compound protocol has from yield farming when someone doing leverage with stablecoin pairs? For me its just COMP exploitation without long-term benefits for protocol.
Unfortunately, in this situation we depend on VC funds which are early investors and hold the majority of voting rights. We can’t even do it proposal because treshold is too high. So much about decentralization…
I did not come across any quality argument of those who are against compensation.
Someone should reach out to a16z (Andreessen Horowitz), Polychain Capital, Gauntlet, and Paradigm with a good case for why they should vote to compensate affected users
I think VC would be happy to earn revenus from investment rather than only capital gains