The decentralized finance (DeFi) space is no stranger to drama, and the recent events surrounding Compound’s governance have drawn significant attention. These events highlight a fascinating yet alarming trend in governance mechanisms within the DeFi world.

Here’s a comprehensive overview of the illicit “governance attack” on Compound:

1st Attempt:

On May 6, 2024, "Proposal 247: Treasury to Invest 5% of COMP holdings into goldCOMP Vault" was submitted.

This proposal suggested that the Compound treasury invest 5% of its COMP holdings into the goldCOMP Vault, created by Golden Boys. 

This was risky due to the significant amount of funds involved and the new entity controlling them. However, the proposal was canceled due to failing to reach quorum.

2nd Attempt:

Undeterred, the proposal reappeared on July 20, 2024, as "Proposal 279: Trust Setup for DAO investment into GoldCOMP."

This time, the proposal received significant criticism. Wintermute Governance strongly condemned the move, highlighting the lack of forum/community discussion and the risk of transferring COMP to a multi-sig, which would take it out of DAO control.

Michael Lewellen, the Head of Security Architecture from OpenZeppelin warned that this could be a governance attack, noting suspicious COMP delegations totaling 325,333 COMP, just 74,667 COMP short of quorum.

The proposal drew criticism for skipping community discussions and the potential for taking COMP out of DAO control.

3rd Attempt:

The third attempt came on July 29, 2024, with "Proposal 289: Trust Setup for DAO investment into GoldCOMP." This proposal increased the amount requested to 499,000 COMP and added a TrustSetup framework. Despite concerns, the proposal was approved with 682,191 votes in favor and 633,636 against.

GoldenBoys' Stance on the Compound Governance Attack

Golden Boys claim transparency, with multisig members disclosed as public figures in the DeFi space. Humpy, a member, refuted accusations of fund misappropriation, emphasizing the trust setup’s constraints. Another member, Ogle, expressed surprise at the negative portrayal, asserting their intentions were not harmful.

Humpy & Past Controversies

Humpy has a history of controversial moves in DeFi governance. In 2022, he exploited Balancer’s system vulnerabilities during the veBAL war. In May 2022, Humpy manipulated the veBAL system to direct $1.8M worth of BAL over six weeks to a CREAM/WETH liquidity pool they controlled.

Negotiations & Middle Path

Compound Finance's "Golden Boys" agreed to rescind their controversial Proposal 289. Initially, the proposal aimed to create a wrapped "goldCOMP" token and treasury with 499,000 COMP tokens, intended to provide passive income for COMP holders but subject to the discretion of the Golden Boys.

Humpy, the member of the Golden Boys, collaborated with Compound’s growth team to introduce a new proposal. The alternative plan, supported by major stakeholders like Gauntlet and WintermuteGovernance, involves distributing 30% of market reserves to COMP stakers, aligning with community interests without compromising governance.

This resolution saw a positive market response, with COMP tokens rebounding by 6%, although the token remains significantly below its all-time high.

While the proposals themselves can be seen as demands for funding or investment, the manner in which they were introduced, debated, and passed (or failed) highlights the characteristics of a governance attack. The strategic accumulation of voting power, lack of community engagement, and high-risk nature of the proposals all point to an attempt to manipulate Compound's governance for specific interests, thus fitting the definition of a governance attack.

Indicators of “Attack”

1. The proposals involved significant and coordinated delegations of COMP tokens, suggesting an attempt to accumulate enough voting power to influence the outcome.

2. The control of a large number of votes by a single entity or a coordinated group (Golden Boys)

3. Proposals were submitted without sufficient forum or community discussion, bypassing the usual deliberative processes that ensure transparency and broader consensus.

4. The proposals involved substantial transfers of COMP tokens to a vault controlled by a specific group, raising concerns about the security and control of these funds.

5. Even if the intent was not to steal funds, the structure of the proposals (e.g., control by GoldenBoyzMultisig) raised fears of potential misuse or excessive control over governance.

Conclusion

Compound's recent governance crisis exemplifies both the promise and peril of decentralized governance. It is also a stark reminder of the complexities and risks in decentralized governance.