Is Compound V2 Safe?

|Lending
C+

Risk Grade: C+ (40/100)

Compound V2 is rated as elevated risk — multiple novel mechanisms and notable interaction risks.

Compound V2 is a battle-scarred DeFi pioneer. While its code has been live since 2020 without a direct exploit of user funds, the $147M distribution bug and $24M governance attack demonstrate real risks. The shared pool architecture is fundamentally riskier than V3's isolated design. Users should seriously consider migrating to V3 or alternative lending protocols unless there is a specific reason to remain on V2.

Compound V2 is the original version of Compound Finance — one of DeFi's first lending protocols. It lets you supply crypto assets to earn interest or borrow against your deposits. While V3 (the newer version) has launched with improved design, V2 still holds $153M in deposits from users who haven't migrated. It uses a shared lending pool where all assets are mixed together.

TVL

$137M

Mechanisms

7

Interactions

5

Value Grade

C-

Key Risks for Compound V2 Users

1.

V2 is the older, riskier version of Compound — it had a $147M bug in 2021 that over-distributed rewards to the wrong people

2.

V2's shared pool design means a problem with any one asset can affect ALL depositors, not just those in that asset

3.

The Compound DAO was attacked in 2024 — a group extracted $24M by coordinating votes with few participants watching

4.

V2 is a legacy system with declining development attention as the team focuses on V3

Top Risk Factors

  • 2021 COMP distribution bug lost ~$147M in over-distributed rewards — the largest accounting error in DeFi history — demonstrating the risk of V2's aged, complex smart contracts
  • Empty pool attack vector in Compound V2 code when initiating new markets has been exploited in multiple forks (Hundred Finance, Onyx Protocol), and the vulnerability pattern originates from V2's architecture
  • 2024 Golden Boys governance attack extracted $24M COMP from treasury via whale-coordinated voting, exposing structural governance capture vulnerability

Risk Score Breakdown

Compound V2's highest risk area is Track Record (14/15). Here's how each dimension contributes to the overall 40/100 score:

Mechanism Novelty0/15
Interaction Severity8/20
Oracle Surface3/10
Documentation Gaps1/10
Track Record14/15
Scale Exposure5/10
Regulatory Risk2/10
Vitality Risk7/10

Read the Full Compound V2 Risk Report

This protocol has 2 collapse scenarios. 3 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.

View Full Report →

Considering an investment?

Read our Investment Analysis →Compare Lending Alternatives →

Related Lending Safety Analyses

Is Tapioca Safe?D+Is Abracadabra Safe?D+Is Radiant Capital Safe?D+Is YieldBlox Safe?D+Is Maple Finance Safe?C-

Related Lending Investment Analyses

Is Tapioca a Good Investment?D-Is Abracadabra a Good Investment?D-Is Radiant Capital a Good Investment?FIs YieldBlox a Good Investment?DIs Maple Finance a Good Investment?C

Ratings use Hindenrank's eight-dimension risk rubric. Lower score = lower risk. Grades range from A (safest) to F (riskiest). This is not financial advice.