Compound Finance v2 Forks

Compound Finance is a popular lending protocol that has been forked many times. Despite this popularity, there have been many hacks of Compound Forks due to common pitfalls.

Other resources:

• List of Compound Finance fork hacks

1. What is the process for adding new tokens?

Incorrect

No checks in place to prevent the addition of a ERC777 token

Correct

Validate that any token that will be added to the protocol has sufficient liquidity, a secure price oracle, is a standard ERC20 token without any callback hooks

Explanation

The Compound Finance codebase is vulnerable to reentrancy. This means that without a process to review new token markets (for example, this OpenZeppelin checklist), a token that risks a reentrancy attack or bad debt may be added

Links

• CREAM hack with AMP token
• OpenZeppelin asset listing checklist

2. What oracle is used for price data?

Incorrect

Spot price of a Uniswap pool or any price data that can be manipulated with a flashloan

Correct

A decentralized oracle (Chainlink, Band, UMA, etc.), Uniswap v3 TWAP or similar

Explanation

Oracle price manipulation changes the health of each borrowed position and can lead to bad debt, especially when combined with flashloans

Links

• Compound DAI liquidation

3. What are the collateral factors and borrowing curves used for different tokens?

Incorrect

Much higher borrowing factor permitted compared to Compound (or Aave), much lower interest rate curve to Compound (or Aave)

Correct

Similar borrowing factor and interest rate curves to Compound (or Aave)

Explanation

The risk of bad debt is higher in adverse market conditions when there is a greater fraction of assets that is borrowed

Links

• Compound's regular risk modelling with Gauntlet

4. What mitigations exist to mitigate the risk of a toxic liquidation spiral?

Incorrect

None, the protocol did not consider this edge case in detail

Correct

Many options exist with varying degrees of impact: - Apply a dynamic incentive or closing factor during the liquidation process, which reduces the reward for liquidators as the loan nears the toxic liquidation threshold - Allow markets to be quickly (or automatically) frozen in certain market conditions, in line with this research - Choosing borrow caps and and collateral factors on assets strategically to minimize the risk of bad debt for each asset depending on current market liquidity and recent volatility

Explanation

Any DeFi protocol that allows borrowing must enforce liquidations to avoid the accumulation of bad debt. The most common incentive design is to give the liquidator a fraction of the liquidated amount as a reward. If there is a fast enough price movement, the reward amount given to the liquidator could create bad debt in the protocol, which can result in a liquidation spiral. This spiral is a result of one liquidation causing the borrower position to become less healthy (higher ratio of borrowed assets to collateral) after a liquidation happens, triggering more liquidations.

Links

• CRV bad debt in Aave
• OpenZeppelin 2019 finding about "Counterproductive Incentives"
• Toxic liquidations whitepaper
• OVIX hack