Compound’s Self-Liquidation Bug
On December 8, I alerted the Compound team about a bug in its smart contract code that would allow a malicious borrower to steal funds. That same day, the engineering team flipped a switch on their smart contract to disable new borrowing. Then, a few days later, the team…