DeFiScan
@defiscan
Compound V3's DECENTRALIZATION review: STAGE 0 Compound V3 is a lending protocol that accepts a base asset as liquidity and allows borrowing this base asset with a variety of other assets as collateral. Multiple base assets are supported such as $USDC, $WETH, $USDT, $wstETH, and $USDS. Each base asset represents an isolated lending market managed by a separate instance of the protocol. Compound governance is able to update various parameters for each of these markets.
0 reply
0 recast
0 reaction
DeFiScan
@defiscan
Decentralization Assessments Below is an overview of the contracts from the Compound V3 protocol. Each box on the graph represents an intermediary identified in this protocol that will have an influence on its decentralization according to our framework (https://www.defiscan.info/learn-more).
0 reply
0 recast
0 reaction
DeFiScan
@defiscan
⛓️Chain To date, Compound V3 has been reviewed on Ethereum and Arbitrum: 🟢The Ethereum deployment has a low-risk score, it is currently the safest network for deploying DeFi protocols. 🟡The Arbitrum deployment has a medium risk-score. It is a Layer 2 in Stage 1 according to @l2beat, whose assessments are authoritative here These ratings may be updated if the safety of these chains is reassessed.
0 reply
0 recast
0 reaction
DeFiScan
@defiscan
🚨Upgradability 🔴Compound V3 has a high-risk score The Compound V3 protocol is fully upgradable allowing for the update of governance and markets logic and state (specifically the Governance and Comet implementation contracts). This can result in the loss of funds or unclaimed yield as well as lead to other changes in the expected performance of the protocol. The permission to upgrade the protocol is controlled by an onchain governance system with $COMP token holders submitting and voting on respective proposals. A multisig account, the ProposalGuardian, has the permission to cancel proposals to mitigate the risk of malicious or otherwise unintended proposals. This role can potentially be abused to censor proposals. Furthermore, another multisig account, the PauseGuardian, has the permission to pause markets, disabling depositing and withdrawing assets, if suspicious activity is detected. This role can potentially be abused to freeze funds and unclaimed yield in the protocol.
0 reply
0 recast
0 reaction