Quantstamp Audits Gauntlet’s Updates to Compound Governance Capabilities

December 5, 2020
Quantstamp Announcements

Quantstamp recently audited updates to several Compound smart contracts proposed by Gauntlet including updates to Compound governance capabilities. This security engagement included, but was not limited to, auditing:

As a result of the audit, Compound changed the order in which several methods are called so that Comptroller.setCompSpeedInternal correctly updates how COMP rewards are distributed to users. Compound also modified the Comptroller._grantComp functions to prevent governance proposals from passing when there are not enough funds available. All found issues were resolved.

Optimizing DeFi Governance with Gauntlet

Gauntlet is pushing DeFi innovation forward by introducing data-driven analysis into DeFi governance. Gauntlet’s team of experts simulates DeFi scenarios that take into account composability with other DeFi protocols in order to assess protocol risks and recommend improvements. After their analysis, they submit improvement proposals and engage in discussions with governance token holders in order to support a proposal's passage.

Gauntlet’s data-driven analysis has resulted in improvements in leading protocols including Compound, Aave, and NuCypher. Gauntlet's long-term goal is to create automated governance systems that analyze DeFi activity and automatically propose parameter suggestions to protocols.

Gauntlet’s Intended Automated Governance System

Compound’s Impact on DeFi

Compound recently had a great impact on the DeFi space by decentralizing its governance through its liquidity mining program in June 2020. When users lent or borrowed digital assets on Compound, they also received COMP governance tokens. One goal of this program was to improve governance by distributing tokens to those who actually use the platform. The Compound protocol is now completely run by COMP token holders.

Compound’s liquidity mining program was extremely successful. In 7 days, the total value of assets managed by Compound rose from 95 million USD to over 600 million USD. Other top DeFi projects including Uniswap, Curve, and Balancer also launched liquidity mining programs shortly after. From June 2020 to November 2020, the total value locked in DeFi applications rose from just above 1 billion USD to over 13 billion USD worth of digital assets. This sharp growth was a direct result of the liquidity mining programs across the DeFi ecosystem and was inspired by the success of Compound’s liquidity mining program.  


This summer’s liquidity mining craze was inspired by Compound in June. The red circle marks the sharp increase in Compound’s liquidity that took place immediately after their liquidity mining program went live.

Continually Improving Incentives

While many liquidity mining programs were successful, it became evident that certain programs facilitated better outcomes than others. In some instances, users would supply liquidity for a short period only to sell their governance tokens and transfer their liquidity elsewhere. Ideally, liquidity mining programs would incentivize users to supply liquidity for long periods of time. 

In order to improve the incentives of participants in the Compound ecosystem, Gauntlet proposed a new vesting mechanism. This mechanism can be applied to future liquidity providers, governance participants, or any other actor in the ecosystem. Gauntlet also ensured that this vesting system was flexible enough to allow them to implement new incentivization strategies as they analyzed more market information. This flexible vesting system not only improved Compound’s governance but will also ultimately contribute to the improvement of DeFi at large.

Compensating Ecosystem Contributors

The Compound smart contracts audited by Quantstamp also include the ability for Compound to pay contributors directly through a token vote. This helps solve a variation of the tragedy of the commons problem that we often see in open source development. Developers build valuable and widely used software, but they are not compensated for their work. These developers also face an opportunity cost. Instead of dedicating their unique skill set to open source development for free, they can get paid elsewhere.

Gauntlet identified a unique opportunity to fix these misaligned incentives. Token holders can now compensate individuals for any valuable service that they can offer to improve the protocol. The ecosystem benefits from high-quality contributors, and the contributors themselves have a reason to stick around.

Future of DeFi

Governance via token holders has led to the rapid iteration of leading decentralized protocols in DeFi. Liquidity mining programs seeded DeFi projects with a community of knowledgeable users who have a vested interest in the success of the protocol. Gauntlet has now provided token holders with data-driven analysis that allows these vested token holders to make the informed decisions that propel the ecosystem forward. Quantstamp looks forward to continuing to secure the innovations that will form the foundation of tomorrow's economy.
