Compound Governance Attack: Proposal 289 Controversy

Compound governance faces attack through Proposal 289 on July 29, 2024, highlighting vulnerabilities in vault-based lending protocol governance mechanisms.

By Oliver Woodford·29 July 2024·2 min read

Compound Governance Attack: Proposal 289 Controversy

Key Points

Compound governance faces attack through Proposal 289 on July 29, 2024, highlighting vulnerabilities in vault-based lending protocol governance mechanisms.

Compound Finance's governance system faced an attack on July 28, 2024, when Proposal 289 passed with a 52 percent majority, allocating 499,000 COMP tokens worth $24 million from the DAO treasury to a yield strategy controlled by a group of traders calling themselves the Golden Boys. The proposal's passage exposed fundamental vulnerabilities in token-weighted governance where concentrated capital could override community interests.

728×90

Proposal 289 would have created a "goldCOMP" wrapper enabling a small group to manage treasury distributions and generate yield for themselves while claiming to provide passive income to COMP holders. Five wallets, apparently acquiring COMP from the Bybit exchange, delegated more than 228,000 tokens to governance delegates associated with a participant known as Humpy. Combined with existing delegate holdings, this created voting control exceeding 81 percent of the 400,000 COMP required to reach quorum. The strategy required only 52 percent of voting participants—achievable through concentrated capital—rather than majority support from the broader COMP holder base.

Compound security advisor Michael Lewellen documented that multiple accounts had been observed purchasing COMP tokens specifically to influence the vote, suggesting coordinated exploitation of governance mechanisms. The attack demonstrated that token-weighted voting could be weaponized by wealthy actors willing to spend millions purchasing voting power to extract value from community treasuries.

The Golden Boys agreed to rescind Proposal 289 after AlphaGrowth, a competing proposal creator, offered a staking product distributing 30 percent of Compound's existing and future market reserves to COMP stakers proportionally. This settlement converted a governance attack into a negotiated outcome: the attackers received commitment to ongoing treasury distributions rather than a single massive allocation, while the community avoided having control of significant reserves handed to a small group.

The incident highlighted that governance tokens created asymmetric incentives where wealthy participants could accumulate voting power specifically to extract value. Compound lacked mechanisms preventing rapid token accumulation through exchange purchases or requiring voting delays that would allow community mobilization. The vulnerability applied broadly to protocols using simple token-weighted voting without additional safeguards.

MiningPool content is intended for information and educational purposes only and does not constitute financial, investment, or legal advice.

728×90