In-depth analysis of the details and purpose behind the Compound governance attack: The giant whale regains control of the old DeFi

王林
2024-07-30 16:35:14

Abstract: With last weekend's Bitcoin Conference over, details of the conference continue to emerge, and they are basically not much different from my previous judgments: Trump's strategy of using energy policy to please Bitcoin enthusiasts, and of exaggerating some changes in official attitudes, specifically the rhetoric of a so-called strategic reserve, to highlight its value as a commodity. What I didn't expect was that his speech would turn into a typical "Trump-style" campaign rally. He likes to attack his opponents with ideas and information that lack logical argument, which is unavoidable. It remains to be seen whether the promises he made will hold. But that matter is basically settled, so the author turned to other events and came across a very interesting piece of news: Compound suffered a governance attack. Because I have worked in DeFi for a long time, I was very interested in this news, so I studied the whole story in depth and took apart the implementation details behind it to share with you. In short, the governance attack on Compound is a DeFi whale trying, through governance votes, to forcibly seize the governance rights of the idle COMP tokens in the Compound Treasury so that it can fully control the Compound protocol.

The legendary whale Humpy who successfully took over Balancer takes action again

In fact, this is not the first masterpiece of this legendary whale. Before this, in the 2022 DeFi Summer era, the whale carried out a governance attack on Balancer: by controlling a large number of BAL governance tokens and relying on Balancer's veBAL mechanism, it controlled most of the BAL incentives released to liquidity pools and thus gained control over Balancer. So far, Humpy has become the second-largest holder of BAL tokens, after the official team.

Regarding this classic event, Messari has a very good research report, which interested readers can read in detail. I don't know how many readers are familiar with Balancer's veBAL mechanism, so let me briefly review it here. It was DeFi Summer, and every product's innovation revolved around how to achieve growth by designing good tokenomics. Curve, a core DEX for stablecoins, was the first to launch the veCRV mechanism as its tokenomics and achieved considerable results. veToken therefore became a popular design paradigm for DEX tokenomics at that time.

Balancer, one of the star projects of the same type, happened to hit an innovation bottleneck at the time, so it chose to follow suit and launched its own veBAL mechanism. The essence of this mechanism is to adjust the distribution of a competitive resource within the product through voting governance. This creates extensive bribery scenarios, brings returns to those who participate in governance, stimulates the community's enthusiasm for taking part in building the product, and also provides suitable value support for the governance token. At that time the market generally described this as "governance extraction value".

In the DEX track, this competitive resource is the liquidity incentive rewards, paid in governance tokens, that the protocol allocates to the liquidity pools running on it. The proportion of rewards allocated to each pool is determined by voting. To obtain voting rights you must lock your governance tokens for a long period, which also reduces the circulating supply and is conducive to market-cap growth. The more votes a liquidity pool gets, the more BAL incentives it is allocated. This leads third-party projects to use their tokens to bribe users who hold veBAL voting rights in order to stimulate liquidity growth for their own tokens; this process is generally carried out through a specialized DApp. However, there was a hidden flaw in Balancer's veBAL design, which Humpy discovered and exploited.

We know that a DEX's core business model is transaction fees. To attract more traders, a DEX tries every means to increase its liquidity and attract users through a low-slippage trading experience. The design of veBAL therefore cannot be divorced from this core goal of increasing transaction fees. However, the original design placed no restriction on the type of liquidity pool and relied only on the total number of votes a pool obtained. This caused a problem: as long as a pool could obtain enough veBAL votes by some means, it could receive a larger proportion of the BAL liquidity incentive allocation, even if the pool had no trading volume at all. This left room for a whale, and so along came Humpy.

Humpy's core attack idea has two parts. The first is to gain absolute control over the liquidity of a certain pool, so as to receive most of that pool's liquidity mining rewards. The second is to obtain a huge number of votes for the pool it controls, so as to control most of the BAL incentive distribution. Together these give control over the protocol. To do this, it first built positions in tokens of projects that were inactive but had inflated market values, to reduce potential competitors. Second, it set up a liquidity pool with an ultra-high fee (1%) to reduce users' willingness to trade, which in turn reduces the willingness to participate of LPs who might otherwise be attracted by fees. In this way it achieved absolute control over a liquidity pool. Next, it bought a large amount of BAL on the secondary market, staked it to obtain veBAL, and voted for its own liquidity pool, thereby obtaining most of the BAL allocation. Such incentive emissions do not make Balancer better, because they generate no additional fees; they merely benefit Humpy. This is the so-called divergence between the whale's interests and the project's long-term direction, and it can only lead to conflict.

In practice, Balancer's official team did not sit still and countered Humpy's vampire attack with new proposals: for example, specifying the set of pools eligible for liquidity incentives, with any expansion of that set requiring a formal application and approval, or setting an upper limit on the proportion of rewards that can be distributed to a single pool. In the end, after a series of confrontations, Balancer and Humpy reached a reconciliation. Judging from the results, however, this did not prevent Humpy from gradually achieving control of Balancer in this way; its position as the second-largest individual holder is the most direct result. This also paved the way for its recent attack on Compound.
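The vote-only allocation rule and the two countermeasures described above can be modelled in a few lines. This is an added illustration, not Balancer's code: the pool names, vote counts, fee figures, the 40% cap and the pro rata redistribution of capped excess are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    name: str
    votes: float           # veBAL votes directed at the pool
    fees: float            # trading fees the pool earns
    approved: bool = True  # eligible for incentives under the allowlist

def allocate(pools, emission, cap=None, allowlist=False):
    """Split `emission` pro rata to votes. `allowlist` drops unapproved pools;
    `cap` limits one pool's fraction and redistributes the excess pro rata."""
    active = [p for p in pools if p.approved or not allowlist]
    share = {p.name: 0.0 for p in pools}
    remaining = 1.0
    while active:
        total = sum(p.votes for p in active)
        if total == 0:
            break
        over = [p for p in active
                if cap is not None and remaining * p.votes / total > cap]
        if not over:
            for p in active:
                share[p.name] = remaining * p.votes / total
            break
        for p in over:  # pin capped pools, then re-split what is left
            share[p.name] = cap
            remaining -= cap
            active.remove(p)
    return {name: s * emission for name, s in share.items()}

def unproductive_fraction(pools, alloc):
    """Fraction of distributed emission paid to pools that earn no fees."""
    paid = sum(alloc.values())
    wasted = sum(alloc[p.name] for p in pools if p.fees == 0)
    return wasted / paid if paid else 0.0

# Constructed sample: a whale-controlled pool with votes but no trading.
POOLS = [
    Pool("whale-pool", votes=60, fees=0, approved=False),
    Pool("pool-a", votes=25, fees=900),
    Pool("pool-b", votes=15, fees=600),
]

if __name__ == "__main__":
    for kw in ({}, {"cap": 0.4}, {"allowlist": True}):
        alloc = allocate(POOLS, 1000, **kw)
        print(kw, alloc, unproductive_fraction(POOLS, alloc))
```

With votes as the only input, the pool with no fee revenue takes the largest share; the cap bounds that share, and the allowlist removes it entirely.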

By forcibly seizing the governance rights of a large amount of idle COMP in the Compound Treasury, Compound

The above incident occurred in 2022. After two years of silence, Humpy set out to seize ownership of another established DeFi protocol, which is what happened recently. This time it has nothing to do with veBAL; it focuses instead on the governance rights attached to the large amount of idle COMP in the Compound Treasury.

This time it did not take part in the game directly, but operated through a packaged project called Golden Boys (which can of course also be called an organization). This project is in effect a meme with financial attributes; that is, its core product is an ERC-20 token called $GOLD. The project gives holders expectations beyond the cultural ones: one point emphasized throughout its official website and blog is that the value of $GOLD is maintained by Humpy, a giant whale with years of experience and large capital and resource advantages, so holding $GOLD is equivalent to standing on the back of a giant whale. In fact, though, it has no structured financial management or product design such as yield aggregation. It only allocates liquidity incentives to pools of $GOLD and some mainstream tokens. Some of these incentives are newly issued $GOLD, and part is BAL rewards. The latter is naturally due to Humpy's influence on Balancer, which allocates relatively high liquidity mining rewards to it through its huge amount of veBAL (after studying this, it is a bit lamentable that it is not easy to win).

After preparing all this, it created a new vault product called goldCOMP Vault. Put simply, users stake their COMP into this vault, transferring their governance rights to Golden Boys, and receive a staking receipt called goldCOMP, which is transferable. Users can provide this receipt as liquidity to the 99goldCOMP-1WETH liquidity pool on Balancer, where 99 and 1 are the corresponding weights. This basically means that goldCOMP's trading slippage is extremely low and there is basically no impermanent loss.

After staking liquidity, you receive liquidity incentives in $GOLD. Note that the reward here is not BAL but GOLD. This is naturally because choosing GOLD as the incentive makes it easier for Golden Boys to control the pool's yield; it is all under their own control anyway. The current rate is 180%, and of course the TVL is not high. What I am not quite sure about is since when Balancer has supported displaying third-party tokens directly on its official website as staking incentives, because I have not followed the project's progress for a while. If this is not an official feature that anyone can configure publicly, I would have to lament once again the helplessness of being taken over!

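With these preparations in place, Golden Boys began its governance attack on Compound. It submitted its first proposal in May of this year, requesting that 5% of the COMP controlled by the Compound Treasury, that is 92,000 COMP, be transferred to the Golden Boys multisig wallet, staked through the multisig into the goldCOMP Vault to earn liquidity mining yield, and locked for one year. Of course, what Golden Boys was really after in this process was the governance rights handed over along with these tokens. Unsurprisingly, the proposal did not pass: the counterparty was rather crude, with no real business behind it, and every operation after the tokens were allocated relied on a multisig wallet, which makes human malfeasance more likely. It therefore drew widespread opposition in the community.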

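But Humpy was not discouraged and instead chose to argue it out with community members. Its position was that these problems could be mitigated as long as any use of the tokens by the multisig wallet had to be approved through the Compound timelock contract. So on July 20 it submitted a second proposal. The amount requested was unchanged, but one extra step was added: a Trust Setup contract to achieve the effect described above and thereby supervise the multisig wallet. The author actually read the contract's code, however, and it simply defines three states; once the Compound timelock changes the contract's state to allow investment, the multisig wallet can use the tokens at will. Of course this proposal was also rejected, but the votes in favor clearly increased. This seemed to give people the illusion that Golden Boys really was continually refining the proposal and winning more and more agreement, until today, when the passage of the third proposal stunned everyone.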
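A small model of the control described above, next to a stricter per-spend design, shows what a single state flag does and does not check. This is an added sketch, not the Trust Setup contract's code: the state names, caller labels, destination labels and the `PerSpendGate` alternative are hypothetical; only the 92,000 COMP figure comes from the proposal.

```python
from enum import Enum

class State(Enum):            # hypothetical names; the article only says "three states"
    PENDING = 0
    INVEST_ALLOWED = 1
    REVOKED = 2

class StateGate:
    """The control as the article describes it: one flag, set by the timelock."""
    def __init__(self):
        self.state = State.PENDING

    def set_state(self, caller, state):
        if caller != "timelock":
            raise PermissionError("only the timelock may change state")
        self.state = state

    def authorize(self, caller, dest, amount):
        # Destination and amount are never examined.
        return caller == "multisig" and self.state is State.INVEST_ALLOWED

class PerSpendGate:
    """Stricter alternative: the timelock approves a budget per destination."""
    def __init__(self):
        self.allowance = {}

    def approve(self, caller, dest, amount):
        if caller != "timelock":
            raise PermissionError("only the timelock may approve spends")
        self.allowance[dest] = amount

    def authorize(self, caller, dest, amount):
        left = self.allowance.get(dest, 0)
        if caller != "multisig" or amount <= 0 or amount > left:
            return False
        self.allowance[dest] = left - amount
        return True

def audit(gate, spends):
    """Return the spends the gate would let the multisig execute."""
    return [(d, a) for d, a in spends if gate.authorize("multisig", d, a)]

# Constructed spend requests; the destination labels are placeholders.
SPENDS = [("goldCOMP-vault", 92_000), ("other-address", 92_000)]

if __name__ == "__main__":
    weak = StateGate()
    weak.set_state("timelock", State.INVEST_ALLOWED)
    print(audit(weak, SPENDS))
```

Neither gate changes who holds the voting power attached to the tokens, which the article identifies as the real objective of the proposal.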

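Note that the proposal passed today has one core difference: the amount of COMP requested is no longer 92,000 but an exaggerated 499,000. This time the community was confident it would easily defeat Humpy's "plot", but the result was a shock: the proposal passed by a narrow margin, with votes in favor surging sixfold in just ten days, which the community clearly had not anticipated. This was also clearly an operation Humpy had carefully planned. Barring surprises, with the passage of this proposal Humpy will effectively become the owner of Compound and dominate any proposal. Considering that its current holdings are already enough to outvote its opponents, plus the voting power of the newly acquired 499,000 COMP, Compound will without doubt be taken over.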

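The impact of this event is unprecedented. Every DeFi product needs to re-examine its governance model to guard against similar problems, and I will keep following developments. I believe the Compound community will also fight back; how the conflict will ultimately develop is really hard to say, given the precedent of Balancer.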
