Compound DAO vote to pay developers for bug fixes fails

Compound DAO rewarded a blockchain developer for reporting and fixing a vulnerability. At first glance, anonymous developer "KP" did everything right after discovering the vulnerability in Compound, which would allow hackers to directly steal user funds, although the cost would be very unprofitable - according to KP's estimate, stealing $1 million would cost attackers billions of dollars in natural gas fees.

After discovering and verifying the vulnerability, KP reported it to Compound and its security partner OpenZeppelin, and provided a code repository containing a simulated attack concept verification. This vulnerability was quickly fixed, so KP requested a reward of $125,000 from Compound DAO.

KP explained that the bug bounty will help "greatly incentivize security researchers and developers to identify and disclose Compound bugs and vulnerabilities in the future." However, despite over two-thirds of representatives supporting the reward, the vote failed, falling short by 15,000 votes out of the required 400,000 legal votes. Although venture capital firm a16z cast 256,000 affirmative votes at the last minute, the vote seemed far from passing for most of the voting period. Unfortunately, KP did not reach the required number of votes.