As of September 8, 2025, security responsibilities have been transferred to incoming providers Certora, ChainSecurity, and zeroShadow following the agreed transition framework.
Deliverables Completed
Transition items were delivered as committed:
- Historical proposal issues (delivered Aug 27)
- Known vulnerabilities (delivered Sep 3)
- Incident patterns documentation (delivered Sep 5)
- PagerDuty account (responsibility transferred Sep 4)
- Immunefi administrative access (granted Sep 4)
- Community multisig signer addition (addresses received Sep 5, transactions created Sep 8-12)
Operational Continuity
Our team maintained operational responsibilities through September 8 while supporting the incoming providers’ preparation.
The wUSDM deprecation was handled without affecting transition preparations or scheduled audit commitments.
When the V1 oracle issue emerged, security providers collaborated on the response, with our researchers contributing analysis to precisely quantify funds at risk and evaluate remediation options.
Both teams conducted parallel security audits to assess knowledge transfer effectiveness. While the available audit scope was not ideal for this purpose, the review meeting facilitated discussion of findings and any discrepancies. Knowledge transfer focused on protocol-specific context and historical patterns relevant to the incoming providers’ responsibilities.
As Compound’s needs evolve, our team remains available if additional perspectives or capacity would be valuable. Thank you to the Compound community for the opportunity to contribute to the protocol’s security.