The proposal for the "Comet Vulnerability Bounty Program" by Compound DAO did not pass due to insufficient votes, with a support rate exceeding 70%

ChainCatcher news, Compound DAO previously initiated the "Comet Vulnerability Disclosure (Fixed) Bounty Program Reward" proposal to reward a blockchain developer who reported and fixed the vulnerability, but the final voting result fell short by 15,000 votes (not reaching the necessary 400,000 statutory support votes). Over 70% of the votes supported this proposal.

It is reported that the pseudonymous developer "KP" discovered a vulnerability in the Compound COMP -1.33% v3 protocol (also known as Comet). According to KP's estimation, this vulnerability would allow hackers to directly steal user funds, but it would be fundamentally unprofitable (stealing $1 million in funds would cost the attacker billions of dollars in gas fees).

After discovering and verifying the vulnerability, KP reported it to Compound and its security partner OpenZeppelin, providing a code repository that included a proof-of-concept simulation of the attack. After the vulnerability was patched, KP proposed to the Compound DAO for a reward of $125,000. This proposal received support from Kevin Cheng, the head of the Compound Labs protocol, and Michael Lewellen, the head of solutions architecture at OpenZeppelin.