Compound's Upgraded DeFi Lending Platform Targets Security, Scalability
The latest version scales back the number of supported tokens on the protocol and improves safety and scalability features.
Compound has launched a new version of its decentralized finance (DeFi) lending platform, Compound v3. The limited production release reduces the number of supported tokens that can be borrowed and collateralized on the protocol, according to a Thursday blog post from the protocol’s founder.
Compound’s latest iteration, called Comet, allows users to borrow a single, interest-earning asset, USD Coin (USDC), using wrapped bitcoin (WBTC) as well as the native tokens from Chainlink (LINK), Uniswap (UNI) and Compound (COMP) as collateral. Compound v3 also employs Chainlink as the protocol’s exclusive price feed and simplifies governance smart contracts, which will enhance the system’s security and scalability. The limited release protocol is capped at $100 million in assets, or about 2% of the $3.8 billion of assets held by Compound v2.
Compound founder Robert Leshner says Compound v3 allows users to borrow more tokens with less risk of liquidation and lower liquidation penalties.
“The architecture of [Compound v2] was too risky in that one bad asset can theoretically drain the entire protocol,” Leshner told CoinDesk. “[In Compound v3], even if one asset plummets to zero, there's no risk to users in the protocol of other assets.”
Compound’s previous iterations employed a pooled-risk model, which supported nine cryptocurrencies, including ether (ETH), dai (DAI) and tether (USDT). Under the old model, users would deposit assets into lending pools, where their assets would earn interest. In exchange for their deposits, lenders received cTokens, which represented the value of their deposits. Using those cTokens, the lender could then borrow up to a certain percentage of the value of their collateralized assets in a different cryptocurrency.
Forking the protocol
In addition to reducing the platform’s number of supported tokens, Compound v3 is also cracking down on unauthorized forks.
Forking a protocol basically amounts to cloning its code over to a new project. Forks typically make adjustments to a protocol’s original code, but some low-effort Compound forks have been wholesale copies of the platform with little changed beyond branding.
In Compound’s latest iteration, forking the protocol requires community permissions. The approval process aims to ensure the code behind each proposed fork is less susceptible to exploits.
Compound has grown to become one of the most-forked blockchain protocols, but the ease with which less sophisticated developers can clone older versions of the protocol has led to problems. For example, a specific “re-entrancy” bug in some of Compound’s old code was exploited in several Compound forks that never got around to fixing it – leading to over $100 million in combined losses.
These attacks were just a few among a string of exploits that have debilitated the DeFi space, where code exploits resulting in multi-million dollar losses have become increasingly common. According to a Chainanalysis study, almost 97% of all cryptocurrency stolen in the first three months of 2022 — up from 72% in 2021 — was plundered from DeFi protocols.
In addition to upping the protocol’s security, Compound v3 will introduce changes to the protocol’s governance system. In Compound v3, governance is conducted through a single “Configurator” contract, instead of a network of contracts that are individually managed.
“The code base is a lot simpler, and everything's contained in a single smart contract for each deployment,” said Leshner. “That makes it very easy to govern and manage, which we think will make governance participation increase.”
Governance token holders will now also have the ability to exercise greater control over economic policy across the protocol thanks to the protocol’s use of ChainLink for price oracles. By employing ChainLink instead of relying on a custom price feed for price oracles, supply and borrow models can be decoupled and operate independently, granting the community more control over operations across the system.