A substantial drain on Compound Finance’s treasury, allegedly facilitated by a COMP whale known as "Humpy" via a recent governance proposal, has ignited concerns over the integrity of decentralized autonomous organizations (DAOs).
Humpy allegedly leveraged his substantial holdings to pass a proposal on Sunday that redirected 499,000 COMP tokens, valued at approximately $25 million, from the Compound treasury to a yield-bearing vault he and a group called the “Golden Boys” controls, industry participants say.
The proposal on the lending platform’s DAO governance forum passed narrowly at 51% with a vote of 682,191 for to 633,636 against. The proposal claims to provide holders with additional yield on their COMP tokens.
The move, though legal within the framework of the DAO’s rules, was called out by several community members and experts following its passage on Sunday by a vote from COMP token holders.
“When a user places COMP into the goldCOMP vault, the depositor receives goldCOMP, a semi-liquid wrapped token representing their initial deposit,” the proposal's text reads.
“These goldCOMP tokens can be placed in a 99/1 Balancer pool 1, creating a passive income stream for COMP holders who plan to hold COMP for a long period of time.”
In discussions from similar proposals executed by Humpy in the last two-to-three months, Michael Lewellen, a security solutions architect at OpenZeppelin, warned of a potential “governance attack” taking place as early as May.
“The proposal was not discussed prior in the forums and the delegate did not identify itself to the community prior to the proposal being created,” Lewellen wrote in May. “There are additional new delegations that have been made that raise concerns that this is possibly a coordinated governance attack.”
Critics argue that the accumulation of voting power through open market purchases undermines the principle of decentralized governance, where decisions are intended to reflect the collective interest rather than the agenda of a few powerful entities.
Conscious of the above, the latest proposal attempted to assuage concerns by claiming a new "Trust Setup" that would allow the Golden Boys multisig to invest, divest, and handle rewards only with prior approval from Compound Governance.
However, the centralized control over the new vault has been met with skepticism.
Omer Goldberg, founder and CEO of Chaos Labs, a firm focused on providing security and risk management solutions for DeFi protocols, said the proposal, at best, is “poorly communicated” and, at worst, is an attack happening in “plain sight.”
“The key lesson here remains clear: if the potential payoff exceeds the cost of exploitation, someone will attempt it,” Goldberg tweeted Sunday “The only variable is the time horizon.”
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.