How Does Compound V3 Work?
Compound is one of DeFi's oldest lending protocols: you deposit crypto to earn interest or borrow against your holdings. It manages $1.3B in deposits and has raised $79M. Its C+ grade reflects a history of governance attacks ($24M stolen via a vote in 2024) and a past $147M accounting bug.
TVL: $1.4B
Sector: Lending
Risk Grade: B-
Value Grade: B
Core Mechanisms
Lending/Collateral Models/Isolated Markets
Comet architecture: each market has a single borrowable base asset (e.g., USDC) with multiple collateral types, isolating borrowing risk per market
Simplified from V2's multi-asset borrowing model. Single base asset per market reduces complexity and cross-asset contagion but fragments liquidity across Comet instances.
Lending/Interest Rate Curves/Kinked Utilization Curve
Decoupled supply and borrow rates with kinked utilization curve, where borrow rates spike sharply above optimal utilization
Improved from V2 with decoupled rates that maintain liquidity for lenders even at high utilization. Standard kinked curve design with governance-set parameters.
Lending/Liquidation Mechanics/Gradual Liquidation
Absorption-based liquidation that gradually unwinds positions as they approach insolvency, rather than sudden full liquidation
Gradual liquidation reduces cascade risk compared to V2's sudden liquidation. However, in fast-moving markets, gradual unwinding may not keep pace with price declines.
Governance/Voting/Token-weighted Voting
COMP token governance with Governor Bravo, timelock, and on-chain binding proposals
Battle-tested governance framework but proven vulnerable to whale coordination. The 2024 Golden Boys attack demonstrated that low participation enables treasury extraction.
Governance/Veto/Governance Guardian
Compound governance guardian with veto-only power to block malicious proposals
Guardian can veto proposals but cannot initiate them. Guardian role is set to expire, transitioning to full community governance with reduced safety nets.
Lending/Oracle Dependencies/Chainlink External Oracle
Chainlink price feeds for all collateral assets with per-asset liquidation thresholds
Standard Chainlink dependency. Oracle staleness or downtime could prevent timely liquidations, especially for volatile collateral assets.
Value Capture/Revenue Distribution/Treasury Accumulation
Protocol reserves accumulate from spread between supply and borrow rates, with governance-directed spending
DAO treasury has been a governance attack target. Proposal 513 (Dec 2025) transferred $1.1M to the Compound Foundation, showing active treasury utilization.
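The kinked utilization curve and the reserve spread described above can be worked through numerically. This is an added example, not code from the page or from Compound: the `Curve` class, `market_state` function and all parameter values are constructed for illustration, using the standard piecewise-linear form of a kinked curve with separate supply and borrow parameters.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Curve:
    """One kinked curve: annual rate as a function of utilization (borrowed / supplied)."""
    base: float
    slope_low: float    # rate added per unit of utilization up to the kink
    slope_high: float   # rate added per unit of utilization above the kink
    kink: float         # the "optimal utilization" point

    def rate(self, utilization: float) -> float:
        if utilization <= self.kink:
            return self.base + self.slope_low * utilization
        return (self.base + self.slope_low * self.kink
                + self.slope_high * (utilization - self.kink))

# Constructed parameters; real markets use governance-set values.
# Supply and borrow each get their own curve, which is what "decoupled" means here.
SUPPLY = Curve(base=0.00, slope_low=0.03, slope_high=0.40, kink=0.80)
BORROW = Curve(base=0.01, slope_low=0.05, slope_high=1.00, kink=0.80)

def market_state(total_supply: float, total_borrow: float) -> dict:
    """Rates, reserve growth and remaining liquidity for one base-asset market."""
    u = total_borrow / total_supply if total_supply else 0.0
    supply_rate, borrow_rate = SUPPLY.rate(u), BORROW.rate(u)
    return {
        "utilization": u,
        "supply_rate": supply_rate,
        "borrow_rate": borrow_rate,
        # Interest paid by borrowers minus interest owed to suppliers goes to reserves.
        "reserve_accrual_per_year": borrow_rate * total_borrow - supply_rate * total_supply,
        # Base asset lenders can still withdraw; shrinks toward zero as utilization rises.
        "withdrawable": max(total_supply - total_borrow, 0.0),
    }

if __name__ == "__main__":
    for borrowed in (50e6, 80e6, 90e6):
        print(market_state(100e6, borrowed))
```

With these sample values, moving from 80% to 90% utilization triples the borrow rate while the withdrawable base asset halves, which is the liquidity pressure the kink is meant to counter.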
How the Pieces Interact
Low voter participation combined with concentrated COMP holdings enabled the 2024 Golden Boys governance attack, extracting $24M from the treasury. Despite settlement, the structural vulnerability remains for future whale-coordinated proposals.
All borrowing demand concentrates in one base asset per market. A sudden spike in borrowing demand can exhaust the base asset, preventing lenders from withdrawing even if their collateral is healthy, creating liquidity freezes.
Gradual absorption may not unwind positions fast enough during flash crashes. If collateral value drops faster than the absorption rate, bad debt accumulates and is socialized across lenders.
Oracle update delays during high-congestion periods (e.g., gas spikes on Ethereum) can cause liquidation threshold monitoring to lag, allowing undercollateralized positions to persist.
As the governance guardian role sunsets, the timelock becomes the primary safety mechanism. Short timelocks may not provide enough reaction time for the community to organize against malicious proposals.
What Could Go Wrong
- 2024 governance attack extracted $24M COMP from treasury via coordinated whale voting (Proposal 247)
- Historical $147M bug in reward distribution contract — largest DeFi accounting error
- Single base-asset architecture concentrates all borrowing risk in one asset per Comet market
Governance Treasury Raid via Whale Coordination
Moderate
Trigger: COMP voter participation drops below 10% of circulating supply for 3+ consecutive proposals while treasury balance exceeds $50M, enabling a coordinated whale voting attack
1. Coordinated group accumulates sufficient COMP to pass proposals during low-participation governance windows. Attackers submit a proposal to redirect treasury funds (repeating the 2024 Golden Boys pattern).
2. Proposal passes community vote with concentrated whale support before the broader community mobilizes. Timelock countdown begins; community has a limited reaction window.
3. Guardian veto power has expired or is not exercised in time. Treasury funds are extracted via the executed proposal, potentially $24M+ as in the 2024 incident.
4. COMP token price crashes 30-40% on news of a successful governance attack. Remaining governance participants lose conviction; future governance participation declines further.
5. Protocol development funding is depleted; security audit and upgrade budgets are cut. Long-term protocol maintenance and security posture deteriorate.
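The trigger stated for this scenario can be evaluated mechanically over proposal tallies, which is how a governance monitor would raise the alarm before the timelock window opens. This is an added example, not part of the original page or Compound's tooling: the `Proposal` class, function names and sample tallies are constructed, the three thresholds are the ones in the trigger above, and the top-3 share of "for" votes is an extra concentration signal with no threshold taken from the page.

```python
from dataclasses import dataclass

# Thresholds taken from the trigger stated on this page.
PARTICIPATION_FLOOR = 0.10        # votes cast / circulating supply
MIN_STREAK = 3                    # consecutive low-participation proposals
TREASURY_FLOOR_USD = 50_000_000   # treasury balance named in the trigger

@dataclass
class Proposal:
    proposal_id: int              # constructed ids, not real Compound proposals
    circulating: float            # circulating COMP at the vote snapshot
    for_votes: dict               # voter label -> COMP voted in favour
    against_votes: float = 0.0

    def participation(self) -> float:
        cast = sum(self.for_votes.values()) + self.against_votes
        return cast / self.circulating

    def top_for_share(self, k: int = 3) -> float:
        """Fraction of the 'for' weight supplied by the k largest voters."""
        weights = sorted(self.for_votes.values(), reverse=True)
        total = sum(weights)
        return sum(weights[:k]) / total if total else 0.0

def low_participation_streak(history) -> int:
    """Length of the trailing run of proposals below the participation floor."""
    streak = 0
    for proposal in reversed(history):
        if proposal.participation() >= PARTICIPATION_FLOOR:
            break
        streak += 1
    return streak

def raid_trigger(history, treasury_usd: float) -> dict:
    """Evaluate the page's trigger and report vote concentration on the latest proposal."""
    streak = low_participation_streak(history)
    return {
        "streak": streak,
        "fired": streak >= MIN_STREAK and treasury_usd > TREASURY_FLOOR_USD,
        "latest_top3_for_share": round(history[-1].top_for_share(), 3) if history else 0.0,
    }

# Constructed sample tallies (not real on-chain data), oldest first.
SAMPLE = [
    Proposal(1, 8_000_000, {"a": 500_000, "b": 300_000, "c": 200_000}, 100_000),
    Proposal(2, 8_000_000, {"a": 400_000, "b": 150_000}, 50_000),
    Proposal(3, 8_000_000, {"a": 350_000, "d": 100_000}, 200_000),
    Proposal(4, 8_000_000, {"w1": 300_000, "w2": 200_000, "w3": 100_000, "e": 50_000}, 60_000),
]
```

On the sample data, `raid_trigger(SAMPLE, 60_000_000)` fires: the last three proposals each drew under 10% participation, and three voters supplied about 92% of the "for" weight on the latest one.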
Risk Profile at a Glance
Overall: B- (29/100)
Lower score = safer