Summary
Timeline: From 2024-12-16 To 2024-12-17
Total Issues: 4 (0 resolved)
Critical Severity Issues: 3 (0 resolved)
High Severity Issues: 1 (0 resolved)
Scope
OpenZeppelin has reviewed Compound Governance Proposal #381, submitted by AlphaGrowth. The proposal aims to transfer 163,562 COMP tokens in a single transaction to a multisig wallet controlled by AlphaGrowth. The stated purpose of the funds is to support the continuation of the Compound Growth Program and expand its scope to new business units, as outlined in the forum discussion.
The Compound Growth Program was initially approved through Proposal 199, which allocated 7,770 COMP tokens on December 10, 2023, for a 4-month period. It was subsequently renewed on May 26, 2024, with an allocation of 75,246 COMP tokens, extending its duration until May 2025. The current proposal represents an early renewal for the program.
Overview
While the proposal highlights AlphaGrowth’s past achievements and outlines ambitious goals, it introduces several concerns regarding adherence to existing processes, governance centralization, and potential risks to the Compound protocol.
-
Deviation from Established Payment Process: Proposal 249 defined the Aera Vault as the standard mechanism for payments in stablecoins rather than COMP tokens. By requesting payment in COMP, this proposal bypasses the DAO-approved system designed to ensure stability, accountability, and risk mitigation.
-
Significant Lump-Sum Transfer: The requested transfer of 163,562 COMP tokens is proposed as a single, upfront payment. This structure requires substantial trust in the proposer and provides no incremental safeguards tied to deliverables or milestones.
-
Concentration of Governance Power: If executed, this proposal would result in AlphaGrowth controlling a significant portion of the total COMP supply, amounting to a significant percentage of the current governance quorum. This level of concentration poses a clear risk of centralization and potential influence over the protocol’s governance.
Critical Severity
Lack of Transfer Controls
This transaction mirrors previous governance takeover attempts, such as proposals 247 and 279 by Humpy, proposing to transfer voting power without safeguards. There are no enforceable mechanisms to ensure the proposer delivers on their stated commitments in exchange for the COMP.
Unnecessary Trusted Intermediary and Centralization of Treasury Operations
AlphaGrowth’s role as a funding intermediary for multiple proposed business units is unnecessary and centralizes a substantial portion of treasury control, effectively bypassing existing decentralized security mechanisms.
Governance Centralization
This amount significantly centralizes governance power, creating a potentially catastrophic risk for the DAO. It represents over 40% of the proposal quorum and nearly 15% of the current COMP reserves in the Comptroller. Even with assurances from the proposer, the DAO cannot afford to overlook even the most unlikely scenarios — this risk is both unnecessary and avoidable.
High Severity
Inaccurate Exchange Rate
The requested COMP amount relies on a speculative exchange rate for fixed USD-denominated expenses, which remain unaffected by COMP price fluctuations. Expenses should be estimated in USD, with a payment vault used to mitigate COMP price exposure for both parties and ensure recourse for the DAO.
Conclusion
Given the limited time, we could not perform an in-depth risk analysis, so this assessment is not conclusive, and we will continue to investigate. However, at this stage, this proposal presents an unnecessary risk to the Compound DAO. We recommend cancelling the proposal, recalculating the budget for each decision point in USD, submitting each decision as separate proposals, and leveraging the vendor payment system to distribute funding incrementally over time.