The proposal for the "Comet Vulnerability Bounty Program" by Compound DAO did not pass due to insufficient votes, with a support rate exceeding 70%

2023-12-10 08:37:27
Collection

ChainCatcher news, Compound DAO previously initiated the "Comet Vulnerability Disclosure (Fixed) Bounty Program Reward" proposal to reward a blockchain developer who reported and fixed the vulnerability, but the final voting result fell short by 15,000 votes (not reaching the necessary 400,000 statutory support votes). Over 70% of the votes supported this proposal.

It is reported that the pseudonymous developer "KP" discovered a vulnerability in the Compound COMP -1.33% v3 protocol (also known as Comet). According to KP's estimation, this vulnerability would allow hackers to directly steal user funds, but it would be fundamentally unprofitable (stealing $1 million in funds would cost the attacker billions of dollars in gas fees).

After discovering and verifying the vulnerability, KP reported it to Compound and its security partner OpenZeppelin, providing a code repository that included a proof-of-concept simulation of the attack. After the vulnerability was patched, KP proposed to the Compound DAO for a reward of $125,000. This proposal received support from Kevin Cheng, the head of the Compound Labs protocol, and Michael Lewellen, the head of solutions architecture at OpenZeppelin.

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.
banner
ChainCatcher Building the Web3 world with innovators