Compound Accidentally Gives $90M to Users
This week Compound (COMP), the fifth largest Decentralized Finance (DeFi) protocol, mistakenly awarded users $90M. The bug causing this misallocation of funds was implemented in an otherwise minor system upgrade, with some DeFi developers saying it was a simple one-letter bug in their code. While the bug was found prior to issuing the entirety of the company’s assets, the nature of the Compound protocol prevents quick changes requisite to stopping the faulty distribution of millions. The founder, Rober Leshner, explained in a tweet “There are no admin controls or community tools to disable the COMP distribution; any changes to the protocol require a 7-day governance process to make their way into production.”
The only reason the issuance of funds stopped at $90M was because the affected contract address only had 280,000 COMP tokens. While $90M is a substantial sum, the protocol has $10.33B in locked assets, so losing these funds won’t be the end of Compound. The COMP token saw a crash of roughly 13% when the news broke, but it has largely recovered since that time.
DeFi bugs like this, while uncommon, are not unheard of. Earlier this year, Alchemix had a similar incident resulting in $4.8M of mistaken issuance. The bigger problem for Compound may be Leshner’s response: on Twitter, he asked Compound users who received these accidental payouts to return the funds, stating “ . . . otherwise, it’s being reported as income to the IRS, and most of you are doxxed.” To his credit, he apologized shortly thereafter.
In previous situations of this nature, large amounts of money have been returned with reasonable rewards given in exchange. Leshner suggested Compound users keep 10% of what they received and return the rest, but his threat of doxxing seems to have soured the public’s view of the situation.
UPDATE: This story is still ongoing, as Leshner has now said the amount of tokens at risk has risen to $162M.
Axie Infinity Had a Big Week
Axie Infinity's market cap exploded this week following parent company Sky Maven's announcement of AXS staking, a new DEX, and an airdrop for early adopters. At the time of this writing, Axie has added $5 billion to its market cap in 7 days.
Axie Infinity (AXS) ($9 billion market cap) is the most popular play-to-earn NFT game. Players mint NFT monsters and fight them against other players, similar to Pokemon. Players also earn crypto through the game, and there is a thriving market for trading in-game assets.
Investors can now stake AXS and earn rewards, with individual investors and crypto companies taking part. Yield Guild Games announced it has staked over $16 million, and the total amount locked into Axie staking is over $1 billion. Sky Maven also announced an upcoming decentralized exchange (DEX) for the Axie ecosystem.
Adding fuel to the fire, Sky Maven airdropped over $60 million in AXS to early adopters. Anyone who interacted with the Axie ecosystem before October 26, 2020 is eligible to receive free AXS.
Bitcoin's Taproot Upgrade Will Unlock Security and DeFi
The Bitcoin Taproot update is coming in November, 2021. Taproot is the first major upgrade to the Bitcoin software since SegWit in 2017. Taproot will improve encryption on Bitcoin, which will immediately increase security on the network while unlocking the potential for smart contracts and future DeFi applications.
Bitcoin has a reputation for its early use in illicit transactions, but the current Bitcoin blockchain makes it fairly easy to track money and users. The Taproot upgrade increases data privacy on Bitcoin by adopting a new approach to recording transactions: during a transaction, the two parties combine their public keys to create a new public key and combine their signatures to create a new signature; the process relies on the Schnorr Signature Algorithm (SSA). It's unclear how blockchain security firms like CipherTrace will respond to the Taproot upgrade.
The Taproot upgrade also allows for "bundling" of transaction data on Bitcoin, which greatly increases network storage capacity while decreasing cost of use. As storage capacity increases, smart contracts become viable on Bitcoin. This means that the Bitcoin network is on its way to becoming a possible platform for decentralized finance (DeFi) projects. Taproot may not unlock enough transaction bandwidth and space savings for a full DeFi ecosystem, but it's an important step toward Bitcoin truly entering the exploding DeFi space.
Project Spotlight: Serum
Serum (SRM) is a permissionless decentralized exchange (DEX) built on the Solana blockchain. Serum’s stated goal is to "bring the speed and convenience of centralized exchanges to DeFi while remaining fully trustless and transparent.” Part of the final vision for Serum is being fully interoperable with Ethereum, meaning users can interact with Ethereum’s blockchain using the speed and low cost of Solana. Serum is acting as the backend of DeFi for this ecosystem; they’re even reserving 20% of their fees to support projects that are hosting activity on the exchange and building interfaces for users.
Since it is built on a high speed chain like Solana, it can offer things most other DEXs cannot, including: sub-second trading and settlement, fully on-chain order books similar to traditional centralized exchanges, and fees at fractions of a penny. Serum has prominent names supporting it, as it’s backed by the people who made Alameda Research, FTX, Compound, etc., and it has enlisted large market maker Jump Trading to provide liquidity (a common problem for DEXs).
Serum is currently working on phase 3 of their roadmap, which involves building out many of the common DEX features, such as yield harvesting, borrowing and lending coins, margin trading, and building more cross-chain bridges. SRM is currently just under $1.2B market cap.
TL;DR: Serum is a permissionless DEX built on Solana offering some of the fastest DEX functions, completely decentralized derivatives exchanges, and trustless cross-chain trading.
DeversiFi Pays $23 Million in Fees to Transfer $100,000 Then Gets the Money Back
Bitfinex made the news last week after paying over $23 million in Ethereum (ETH) gas fees to transfer $100,000 in Tether (USDT). A few days later, the miner who won the block returned almost all of the ETH paid for the transaction.
Observers first noticed the transaction on Etherscan, where the transfer was using a Bitfinex wallet. Over the next few days, more information about the transfer emerged. Original reports suggested the gas fee was a typo by someone at Bitfinex, but according to Bitfinex this was not the case.
Decentralized finance (DeFi) firm DeversiFi took the blame: "At 11:10 UTC on the 27th September a deposit transaction was made using a hardware wallet from the main DeversiFi user interface with an erroneously high gas fee." So it was a software error, not a typo, and it came from a DeFi firm using a Bitfinex wallet, not Bitfinex itself.
DeversiFi offers "gas free" transactions to users, but it's obvious now that the company pays gas fees to operate on the Ethereum network. DeversiFi originated in Bitfinex's incubator, and it still uses a Bitfinex wallet.
A few days after the famous transfer, the miner gave back most of the 7626 ETH reward. It's unclear why the miner felt compelled to return the money.