compound-protocol VS verified-smart-contra

https://github.com/compound-finance/compound-protocol/tree/master/contracts/Governance .

I'm making an NFT crowdfunding protocol as a summer project and am using Compound Governance contract along with ERC20Votes to do so.

I highly recommend you do two things, first, try and get a feel for the behavior of smart contracts, there are tools that can help with this, like the ones at blockchain.ey.com - you can get a free personal use account and has a pretty convenient smart contract and token explorer tool for Solidity, you just drop in the code from the protocol’s GitHub (like recommended above) and bam. Here’s Compound’s timelock contract as an example: https://github.com/compound-finance/compound-protocol/blob/master/contracts/Timelock.sol

The Tranquil protocol smart contracts are forked from the Compound protocol with minimal changes. It is a deeply battle-tested and audited protocol with formal verification of its contracts.We plan to get audits for the Tranquil protocol as soon as possible.

Yep however I don't think I'd consider it to quite the same extreme. No doubt it was bad however proportionally to the size of the platform Cream's exploit was far more damaging. Like the rekt.news post mentions, it was more of a banking/spec error than an outright vulnerability. Your spec can't protect you if the loss is due to intended behaviour. There are ways to mitigate this however. The main way is by making your spec concise and clearly representable as a series of state transitions & operations or as a series of transformations.

The Compound Finance paper spec essentially just lists "this subsystem does these things" and then each function/operation is a list of preconditions, what actions are taken in what conditions, and the expected result. This isn't bad per se but it's not great either. Instead the paper spec really should be showing what transformation is being applied to the state, why we want that transformation applied, what properties must hold throughout the transformation, and then demonstrating that those properties hold.

Compare this (Compound):

https://github.com/compound-finance/compound-protocol/blob/m...

Provide alert for 10% or more change in Utilization Rate within a 60 minute window in a given pool.

https://github.com/runtimeverification/verified-smart-contra...

or this (Djed):

https://eprint.iacr.org/2021/1069.pdf

The first just describes the system and then asserts preconditions hold which works well enough for verifying that the code matches the spec but the other actually verify that the spec is doing what the user & developer expect it to by formalising the system and analysing the properties of that system.

Compound's project wouldn't have been vulnerable to any of the attacks executed on CreamFi however they are vulnerable to the class of spec errors. Uniswap and Djed on the other hand would be protected from the majority of that class of issue that Compound experienced. This isn't to say that they are invulnerable but I'd be willing to say that they are approaching "cryptography-grade" security where you can trust these protocols just like you can trust AES, RSA, and ECC encryption & signing.

---

This of course isn't to say that what Compound does is bad but as that incident shows, there is still room for their improvement in the security space. Cryptocurrency and "Decentralised Finance" are finally starting to grow up into proper subsets of the cryptocurrency and game theory communities. Now this might be a bit of general commentary on the SW space but hopefully long term this trend causes some of this security minded design to bleed over into the greater software engineering community.