Flash loan >$10M targeting protocol tokens

Compound V3 (Comet)'s assessment for RD-F-100 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

GovernorBravo uses getPriorVotes() checkpoint — flash-loan governance attacks structurally mitigated. No flash loan targeting Compound V3 oracle or governor detected in Apr 2026. COMP checkpointing prevents single-block flash-loan-to-governance attack.

Detail #

GovernorBravo (compound-finance/compound-protocol) uses ERC-20Votes checkpoint mechanism (getPriorVotes()): voting weight is evaluated at the block before the proposal's voting delay (1 block), not at the time of voting. This means a flash loan acquired in the same block as a vote cannot be used for governance attacks. The 2024 Proposal 289 attack required multi-week COMP accumulation, confirming the checkpoint mechanism is in effect. For price-manipulation flash loans targeting lending markets: applicable but no such pattern detected against Compound V3 in the April 2026 period. rsETH exploit used bridge-level forgery on Kelp infrastructure, not a flash loan against Compound V3 oracle.

Sources #

URL
https://docs.compound.finance/v2/governance/retrieved 2026-04-27

Methodology #

Detect whether a flash loan >$10M denominated in protocol tokens or LP tokens has originated, likely to interact with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol compound-v3 factor RD-F-100 score green collected_at 2026-04-28 00:20:50