Governance Security Notice: goldCOMP Proposal 247

Simple Summary: Notice for all Voting Delegates.

An unexpected proposal was recently created on May 6th, 2024. The proposal would transfer 5% of the COMP treasury to a Multi-sig that it claims is controlled by the “Golden Boys” for the purposes of investing the funds in a goldCOMP DeFi vault for generating treasury yield. The account making this proposal was delegated 95K COMP a week ago. The proposal was not discussed prior in the forums and the delegate did not identify itself to the community prior to the proposal being created. There are additional new delegations that have been made that raise concerns that this is possibly a coordinated governance attack.

Background

OpenZeppelin’s monitoring in the security-alerts Discord feed has identified a number of new COMP delegations between April 29th and May 2nd. To summarize the impact of these alerts so far, there are 5 addresses that are all withdrawing COMP from the ByBit exchange hot wallet. All 5 delegated voting accounts follow the same withdrawal pattern, so we can assume they belong to the same entity.

  1. 0x4f3a - 42,695 COMP delegated
  2. 0x9d03 - 40,012 COMP delegated
  3. 0x93cb - 39,188 COMP delegated
  4. 0x4ac0 - 48,724 COMP delegated
  5. 0xc64c - 59,714 COMP delegated

These 5 accounts represent a combined total of 230,333 COMP. This represents over half of the 400K quorum threshold to pass a proposal. On May 1st, 2024, we alerted the community of the risk that these delegates could be in support of a potential governance attack.

It’s unclear whether the proposer, 0x36cc, for Proposal 247 is related to these other accounts that sourced their COMP from ByBit. However, the timing of the new proposal and these recent delegations is suspicious.

Assuming that these accounts are all connected and coordinated, they represent a combined total of 325,333 COMP, which is only 74,667 COMP short of the quorum threshold. There may be other smaller delegations or accounts supporting this potential attack that could get them beyond the quorum threshold.

It’s important to note that neither of these delegations may be malicious in nature and could simply be coincidental. However, OpenZeppelin believes that the high amount of COMP recently delegated and the timing of this unexpected proposal prompt a high level of community scrutiny.

Call to Action

We recommend that all governance delegates review Proposal 247 and share their thoughts on the proposal in the thread below. We urge ALL governance delegates to be prepared to vote on Proposal 247 in case a large number of new delegate votes come into play.

We further recommend that the proposers behind Proposal 247 engage in community discussion about their proposal so due diligence can be performed. An account called “Humpy - Golden Boys” recently identified itself on the community Discord.

Disclaimer: OpenZeppelin has no opinion on Compound’s governance decisions beyond its security mandate. We have posted this notice and raised this concern due to the potential patterns we see matching a coordinated governance attack. We are entirely neutral on the content of Proposal 247, although we generally recommend that proposals allocating funds from Treasury should be discussed with the community prior to submission on-chain.

14 Likes
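Detection logic of the kind described in the Background section above, as an added example that is not part of the OpenZeppelin notice or its monitoring tooling: it clusters fresh delegations by the address the COMP was withdrawn from and measures each cluster against the 400K quorum. The amounts are those quoted in the notice; the account labels are the thread’s shortened prefixes; the hot-wallet label and the proposer’s funding source are placeholders.

```python
from collections import defaultdict

# Quorum threshold quoted in the notice (COMP).
QUORUM_COMP = 400_000

# Constructed sample of recent delegations: (delegate account, COMP delegated,
# address the COMP was withdrawn from before delegation). Account labels are the
# thread's shortened prefixes; "bybit_hot_wallet" is a placeholder label; the
# proposer's funding source is not established in the notice, hence "unknown".
DELEGATIONS = [
    ("0x4f3a", 42_695, "bybit_hot_wallet"),
    ("0x9d03", 40_012, "bybit_hot_wallet"),
    ("0x93cb", 39_188, "bybit_hot_wallet"),
    ("0x4ac0", 48_724, "bybit_hot_wallet"),
    ("0xc64c", 59_714, "bybit_hot_wallet"),
    ("0x36cc", 95_000, "unknown"),  # proposer of Proposal 247
]


def cluster_by_source(delegations):
    """Group delegate accounts by the address their COMP was withdrawn from."""
    clusters = defaultdict(list)
    for account, amount, source in delegations:
        clusters[source].append((account, amount))
    return dict(clusters)


def quorum_exposure(delegations, quorum=QUORUM_COMP, min_accounts=2):
    """Per funding source with >= min_accounts delegates: total COMP and share of quorum."""
    # Several fresh delegations sharing one withdrawal source is the pattern the
    # notice treats as one entity; the share says how close that entity is to quorum.
    report = {}
    for source, members in cluster_by_source(delegations).items():
        if len(members) < min_accounts:
            continue
        total = sum(amount for _, amount in members)
        report[source] = {"accounts": len(members), "total": total,
                          "share_of_quorum": total / quorum}
    return report


def coordinated_shortfall(delegations, accounts, quorum=QUORUM_COMP):
    """COMP still missing from quorum if the named accounts vote as one bloc."""
    bloc = sum(amount for acct, amount, _ in delegations if acct in accounts)
    return quorum - bloc


if __name__ == "__main__":
    for source, info in quorum_exposure(DELEGATIONS).items():
        print(f"{source}: {info['accounts']} delegates, {info['total']:,} COMP "
              f"({info['share_of_quorum']:.0%} of quorum)")
    print("shortfall if all six coordinate:",
          coordinated_shortfall(DELEGATIONS, {a for a, _, _ in DELEGATIONS}))
```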

The proposer of Proposal 247 has made a post here: Treasury to Invest 5% of COMP holdings into goldCOMP Vault

2 Likes

Thank you for your diligence @cylon and the rest of the team at OpenZeppelin.

On behalf of Blockchain at Columbia, we are strongly against the proposal. On top of the high potential of it being a malicious governance attack, the negligible track record of the proposer and the lack of any community discussion prior to submission is cause for concern in its own right. Passing such a proposal would set a dangerous precedent for Compound, regardless of whether malicious or not.

In an effort to curb serious concerns about the integrity of our governance process, we echo OpenZeppelin’s call to action and recommend that all delegates review Proposal 247.

1 Like

Thanks @cylon for flagging.

Irrespective of the abnormal behaviour, going straight to an on-chain proposal without forum/community discussion is not conducive to a healthy governance environment and is something we are strongly against. There has been zero attempt to gauge community sentiment or incorporate feedback. Lastly, there is no strong reason why the COMP needs to be transferred into a multi-sig and out of the control of the DAO.

We will be voting against this proposal and urge other delegates to do the same.

4 Likes

Thanks @cylon and OpenZeppelin team.

Wow. They’ve already added COMP on their homepage. :sweat:

I will be voting against Proposal 247.

I was wondering about the total COMP amount they collected from the lending service on the ByBit exchange.

3 Likes

As with the many points prior, we are voting against this proposal and wish for more discussion if this was a proposal in good faith.

3 Likes

Proposals like this are unlikely to be beneficial to the prosperity of Compound. We will be voting against.

3 Likes

It’s important for proposals to allow adequate time for discussion before being submitted, and the goldCOMP proposal hasn’t fulfilled this.

Other issues with the specific prop:

  • Unsafe admin authority for granted COMP (sent to multisig with unknown security/accountability characteristics)
  • Investment strategy itself is somewhat abusive to Balancer’s liquidity incentives program
  • 99/1 Balancer pools have some non-negligible potential for divergence loss, which proposal does not address
  • goldCOMP token has unclear security characteristics

I’m not completely opposed to the idea of protocol owned liquidity or investment strategies but this proposal is coming up short. Humpy is welcome to engage with the community to see if there’s scope for a viable proposal.

4 Likes

Hello,
Thank you all for the feedback. The Golden Boys team have acknowledged the various criticisms, most importantly not having prior discussion before the on-chain vote. Thus, Proposal 247 has now been cancelled.

Unsafe admin authority for granted COMP (sent to multisig with unknown security/accountability characteristics)

GOLD Multisig is a 3 of 5, consisting of the following members:

  • Gosuto - (Warpcast)
  • Ogle - (@cryptogle)
  • Alonso - Gold Growth Lead @baselordeth
  • Andrea - ex Balancer lead & DeFi adviser
  • Humpy - Early DeFi adopter Whale

Investment strategy itself is somewhat abusive to Balancer’s liquidity incentives program

The goldCOMP pool does not receive any incentives from Balancer, as rewards are paid in GOLD tokens.

99/1 Balancer pools have some non-negligible potential for divergence loss, which proposal does not address

We will address this by clearly stating that any Divergence loss, though very minimal in a 99-1 ratio pool, will be fully covered by Gold’s treasury.

goldCOMP token has unclear security characteristics

goldCOMP is open-sourced: GitHub - HumpysGold/goldCOMP.
An audit was performed here.
Further review of the audited codebase is welcomed.

2 Likes

A follow-up proposal from the Golden Boys, Proposal 279, was recently submitted and will begin voting in less than two days. If the community wishes to vote against this proposal, we urge ALL governance delegates to be prepared to vote on Proposal 279 in case a large number of new delegate votes come into play.

More on this in our forum post reply:

1 Like

A third proposal from the Golden Boys, Proposal 289, was recently submitted and will begin voting in 8 hours, following the overwhelming defeat of their prior two proposals. They have increased the amount of COMP being requested. They may be attempting to submit the proposal so that the majority of the voting period occurs over the weekend and the participation is low enough to allow them to pass their proposal.

If the community wishes to vote against this proposal, we urge ALL governance delegates to be prepared to vote on Proposal 289 in case a large number of new delegate votes come into play. We HIGHLY recommend that all votes are submitted this Friday to ensure low participation over the weekend does not impact the result.

Going forward, we recommend the community begin to consider solutions to combat recurring proposals from bad faith delegates such as the Golden Boys, who have repeatedly shown an unwillingness to directly address community concerns or accept the outcomes of past failed proposals.

2 Likes

This latest proposal passed:

Situation Update on Proposal 289: As originally feared, a large amount of recently delegated COMP voted in favor of the Golden Boys proposal and they were able to defeat all other community voters to pass the proposal. Proposal 289 will now be available to execute on Tuesday.

OpenZeppelin is working with all active delegates and Compound contributors to assess options for protecting the protocol. We see serious risks to the future decentralization of the DAO as a result of Proposal 289 passing and so we are exploring options to mitigate or reverse this outcome.

1 Like