How Does Compound V2 Work?
Compound V2 is the original version of Compound Finance — one of DeFi's first lending protocols. It lets you supply crypto assets to earn interest or borrow against your deposits. While V3 (the newer version) has launched with improved design, V2 still holds $153M in deposits from users who haven't migrated. It uses a shared lending pool where all assets are mixed together.
TVL
$139M
Sector
Lending
Risk Grade
C+
Value Grade
C-
Core Mechanisms
Lending/Collateral Models/Cross-Collateral Pool
Single shared lending pool where all supplied assets serve as collateral for all borrowing — cross-asset risk contagion by design
V2's shared pool model means a bad debt event in any single asset can cascade to affect all lenders. This is the architecture that V3 specifically moved away from with isolated Comet markets.
Lending/Interest Rate Curves/Kinked Utilization Curve
Dynamic interest rates based on utilization ratio with a sharp kink above the optimal utilization threshold
Standard kinked utilization curve. At extreme utilization, rates spike but may not be sufficient to prevent liquidity crises where lenders cannot withdraw.
Lending/Liquidation Mechanics/Instant Liquidation
When health factor drops below 1.0, up to 50% of a borrower's position can be instantly liquidated by any liquidator at a fixed discount
V2's instant liquidation model creates cascade risk during market crashes as liquidated collateral floods the market. V3 improved this with gradual absorption.
Lending/Token Wrapping/cToken Receipt
Suppliers receive cTokens (e.g., cDAI, cUSDC) representing their deposit plus accrued interest, with an increasing exchange rate
cToken model was innovative at launch but is now standard. Exchange rate manipulation in empty markets has been a recurring vulnerability in V2 forks.
Governance/Voting/Token-weighted Voting
COMP token governance with Governor Bravo, timelock, and on-chain binding proposals
Battle-tested governance but proven vulnerable to whale coordination. The $24M Golden Boys treasury extraction demonstrated structural weakness of token-weighted voting with low participation.
Lending/Oracle Dependencies/Chainlink External Oracle
Chainlink price feeds for all collateral and borrowable assets determining liquidation thresholds
Standard Chainlink dependency. Oracle staleness or manipulation could delay or prevent necessary liquidations, especially for long-tail assets.
Value Capture/Revenue Distribution/Treasury Accumulation
Protocol reserves accumulate from interest rate spread between supply and borrow rates, governed by COMP holders
Treasury has been a governance attack target. DAO treasury management remains contentious with ongoing proposals for fund allocation.
How the Pieces Interact
In a market crash, the shared pool model means cascading liquidations across multiple asset types simultaneously. As liquidated collateral floods DEXs, slippage increases, reducing liquidation efficiency and potentially creating bad debt that is socialized across all lenders in the pool.
Low voter participation (often <10% of circulating supply) combined with concentrated COMP holdings enables governance attacks. The 2024 Golden Boys extraction of $24M demonstrated this is not theoretical — the structural vulnerability persists for future whale-coordinated proposals.
The empty pool attack — exploiting cToken exchange rate rounding in newly initialized markets — originated in V2's architecture and has caused over $10M in losses across V2 forks (Hundred Finance $7M, Onyx Protocol $2.1M). While V2 mainnet markets are established, governance proposals for new markets could reintroduce this vector.
In the shared pool model, oracle delays for any single asset can cause systemic mispricing of liquidation thresholds. During network congestion, Chainlink updates may lag, allowing undercollateralized positions to persist longer than intended.
V2's aged codebase is complex and difficult to modify safely, as demonstrated by the $147M COMP distribution bug introduced via Proposal 62. Any governance-approved upgrade carries elevated risk of introducing new bugs into the legacy system.
What Could Go Wrong
- 2021 COMP distribution bug lost ~$147M in over-distributed rewards — the largest accounting error in DeFi history — demonstrating the risk of V2's aged, complex smart contracts
- Empty pool attack vector in Compound V2 code when initiating new markets has been exploited in multiple forks (Hundred Finance, Onyx Protocol), and the vulnerability pattern originates from V2's architecture
- 2024 Golden Boys governance attack extracted $24M COMP from treasury via whale-coordinated voting, exposing structural governance capture vulnerability
Cross-Collateral Cascade Liquidation in Shared Pool
ModerateTrigger: Multi-asset market crash of 30%+ within 24 hours triggers simultaneous liquidations across all collateral types in the V2 shared pool
- 1.Broad crypto market crash causes multiple collateral assets (ETH, WBTC, LINK, etc.) to drop 30%+ simultaneously — Thousands of borrowing positions breach liquidation thresholds at once; liquidation bots compete for opportunities
- 2.Mass liquidations flood DEX markets with seized collateral; slippage exceeds liquidation discount — Liquidators begin losing money on liquidations; many stop participating, leaving undercollateralized positions
- 3.Remaining undercollateralized positions accumulate bad debt as collateral continues to decline — Bad debt is socialized across all lenders in the shared pool; supplier positions become underwater
- 4.Lenders rush to withdraw surviving assets; utilization spikes to 99%+ — Remaining lenders cannot exit; liquidity freeze persists until borrowers repay or governance intervenes
Risk Profile at a Glance
Overall: C+ (40/100)
Lower score = safer