defirisk.co
rubric v1.7.0

ERC-777/1155/721 hook without reentrancy guard

Compound V3 (Comet)'s assessment for RD-F-015 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

ChainSecurity identified that ERC-777 tokens could enable reentrant buyCollateral calls, allowing the purchase of excess collateral. The team acknowledged the finding without a code fix. The current collateral set (WETH, WBTC, USDC, LINK, UNI, COMP, wstETH, USDT, USDS) consists entirely of standard ERC-20s, so the practical risk is mitigated; the architectural risk remains for future ERC-777 listings.

Methodology

Determine whether the protocol integrates token standards with callbacks (ERC-777 tokensReceived, ERC-1155 onReceived, ERC-721 onReceived) without reentrancy guards on the affected functions.

rubric_version: v1.7.0
protocol: compound-v3
factor: RD-F-015
score: yellow
collected_at: 2026-04-28 00:20:50