Here is an update on the incident and next steps for the Compound community:
On Aug 30th at 6:20 PM UTC, Compound Proposal 117 was executed to upgrade the Oracle Contract to a new version that uses Uniswap V3 instead of V2 for price feeds. It had passed a governance vote after being proposed by GFX Labs on behalf of ChainLink. The changes were reviewed by OpenZeppelin along with Dedaub and ABDK.
At 6:38 PM UTC, the proposal executor noticed that all calls coming from the Comptroller to getUnderlyingPrice for the cETH market were reverting and notified Compound developers of the issue. All other cToken markets appeared to be unaffected. Compound Labs, ChainLink, GFX Labs and OpenZeppelin teams were immediately notified and jumped into a war room.
At around 6:47 PM UTC, the proposal executor reported that because cETH does not have an underlying() method assumed to be present in every cToken contract by the new oracle implementation, the getUnderlyingPrice function returns empty bytes that cannot be decoded and the call reverts. This source of the issue was verified by Compound Labs and OpenZeppelin shortly after. This leaves withdrawals and liquidations in the cETH market effectively frozen while the issue remains in place.
At 7:14 PM UTC, a new proposal was submitted by GFX Labs to revert the upgrade and return to using the V2 Oracle contract. It is set to be passed and executed after a 7 day governance process. In the meantime, Compound Labs issued Twitter and Discord posts notifying users of the price feed issue while the war room participants continued to investigate the issue further to determine the impact on existing users.
The primary issue right now is a temporary denial of service for the cETH market which will be resolved by the new governance proposal. No funds are at risk at this time. The rest of the cToken markets on Compound V2 and all of V3 remain functional.
However, any users that deposited ETH and obtained cETH for opening borrow positions must be aware that they might get instantly liquidated whenever the fix proposal executes IF by that time the price of ETH has dropped significantly. These users can add collateral and repay borrowed assets normally to cover for eventual price drops by monitoring their borrow positions accordingly.
We’ll continue to work with the Compound community to ensure a speedy resolution and keep everyone informed on updates as they come. Once the immediate situation is resolved, a post-mortem will be forthcoming.