Quantstamp Audits Gauntlet’s Updates to Compound Governance Capabilities

Quantstamp Announcements
December 5, 2020

Quantstamp recently audited updates to several Compound smart contracts proposed by Gauntlet, including updates to Compound governance capabilities. This security engagement included, but was not limited to, auditing:

As a result of the audit, Compound changed the order in which several methods were called so that Comptroller.setCompSpeedInternal would correctly update how Comp rewards are distributed to users. Compound also modified the Comptroller._grantComp functions to prevent governance proposals from passing when there are not enough funds available. All issues found were resolved.

Optimizing DeFi Governance with Gauntlet

Gauntlet is pushing DeFi innovation forward by introducing data-driven analysis into DeFi governance. Gauntlet’s team of experts simulates DeFi scenarios that take into account composability with other DeFi protocols in order to assess protocol risks and recommend improvements. After their analysis, they submit improvement proposals and engage in discussions with governance token holders in order to support a proposal's passage.

Gauntlet’s data-driven analysis has resulted in improvements in leading protocols including Compound, Aave, and NuCypher. Gauntlet's long-term goal is to create automated governance systems that analyze DeFi activity and automatically propose parameter suggestions to protocols.

Gauntlet’s Intended Automated Governance System

Compound’s Impact on DeFi

Compound recently had a great impact on the DeFi space by decentralizing their governance through their liquidity mining program in June 2020. When users lent or borrowed digital assets on Compound, they also received COMP governance tokens. One goal of this program was to improve governance by distributing tokens to those who actually use the platform. The Compound protocol is now completely run by COMP token holders.

Compound’s liquidity mining program was extremely successful. In 7 days, the total value of assets managed by Compound rose from 95 million USD to over 600 million USD. Other top DeFi projects including Uniswap, Curve, and Balancer also launched liquidity mining programs shortly after. From June 2020 to November 2020, the total value locked in DeFi applications rose from just above 1 billion USD to over 13 billion USD worth of digital assets. This sharp growth was a direct result of the liquidity mining programs across the DeFi ecosystem and was inspired by the success of Compound’s liquidity mining program.  


This summer’s liquidity mining craze was inspired by Compound in June. The red circle marks the sharp increase in Compound’s liquidity that took place immediately after their liquidity mining program went live.

Continually Improving Incentives

While many liquidity mining programs were successful, it became evident that certain programs facilitated better outcomes than others. In some instances, users would supply liquidity for a short period only to sell their governance tokens and transfer their liquidity elsewhere. Ideally, liquidity mining programs would incentivize users to supply liquidity for long periods of time. 

In order to improve the incentives of participants in the Compound ecosystem, Gauntlet proposed a new vesting mechanism. This mechanism can be applied to future liquidity providers, governance participants, or any other actor in the ecosystem. Gauntlet also ensured that this vesting system was flexible enough to allow them to implement new incentivization strategies as they analyzed more market information. This flexible vesting system not only improved Compound’s governance; it will also ultimately contribute to the improvement of DeFi at large.

Compensating Ecosystem Contributors

Included in the Compound smart contracts audited by Quantstamp is also the ability for Compound to directly pay contributors through a token vote. This helps solve a variation of the tragedy of the commons problem that we often see in open source development. Developers build valuable and widely used software, but they are not compensated for their work. These developers also face an opportunity cost. Instead of dedicating their unique skill set to open source development for free, they can get paid elsewhere. 

Gauntlet identified a unique opportunity to fix these misaligned incentives. Token holders can now compensate individuals for any valuable service that they can offer to improve the protocol. The ecosystem benefits from high-quality contributors, and the contributors themselves have a reason to stick around.

Future of DeFi

Governance via token holders has led to the rapid iteration of leading decentralized protocols in DeFi. Liquidity mining programs seeded DeFi projects with a community of knowledgeable users who have a vested interest in the success of the protocol. Gauntlet has now provided token holders with data-driven analysis that allows these vested token holders to make the informed decisions that propel the ecosystem forward. Quantstamp looks forward to continuing to secure the innovations that will form the foundation of tomorrow's economy.

