Post-exploit response score
Compound V3 (Comet)'s assessment for RD-F-081 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
2024 governance attack response: negotiated cancellation over 2-3 days, staking truce, transparent community process, $0 loss. Score ~3/5. 2023 vulnerability: excellent — disclosed, patched, bounty rewarded. Threshold: green >=4; yellow 2-3.
Detail
Response to 2024 Proposal 289 governance attack: (1) Community MultiSig held cancel power as Proposal Guardian; (2) cancellation negotiated over ~2-3 days rather than automated; (3) truce produced substantive staking product giving 30% of reserves to COMP stakers; (4) community discussion transparent on comp.xyz and in press; (5) no formal incident post-mortem required ($0 loss).

2023 Comet vulnerability disclosure response: structured coordinated disclosure, patched before exploitation, bounty awarded via on-chain governance proposal (Tally #203) — exemplary process.

Average response quality: 3/5 (adequate but reliant on human negotiation for governance attack).
Sources
- https://cryptobriefing.com/compound-staking-deal-governance-attack/ (retrieved 2026-04-27)
- https://www.comp.xyz/t/comet-vulnerability-disclosure-patched/4854 (retrieved 2026-04-27)
- Cointelegraph article HEAD 404; archive.org Wayback availability API returns empty archived_snapshots for this slug. Underlying event (Golden Boys / Humpy 0xHumpy COMP governance proposal #289 attack July 2024 and subsequent agreement to rescind) is well-documented on Compound governance forum (compound.finance/governance/proposals/289) and across multiple secondary outlets; the specific Cointelegraph URL is unrecoverable. Marking dead pending curator selection of primary replacement (likely Compound forum thread or DLNews/The Block coverage). [dead-link, original: https://cointelegraph.com/news/golden-boys-behind-compound-governance-attack-agree-to-rescind-proposal] (retrieved 2026-05-06)
Methodology
Curator-score (1–5) the most recent incident response on: compensation completeness, transparency of disclosure, root-cause analysis depth, and operational recovery speed.