Back/compound-v3-ethereum
>

Compound V3 — Trail of Bits scoped review

[PUBLISHED]
trail of bits · compound-v3-ethereum
// trail of bitsprotocol: compound-v3-ethereumpublished: Mar 20, 2026source →

Trail of Bits' Q1 2026 Compound V3 review surfaced one high-severity rounding issue in the liquidation incentive math and two informational items on collateral asset registration. The rounding bug is negligible per-liquidation but visible to liquidators tracking total accrued incentives.

// findings · 2
  • [HIGH]

    Liquidation incentive uses floor rounding where ceiling is expected, leading to liquidator under-payment. Effect is negligible per-liquidation but accrues to large-volume liquidators.

    Comet.absorb()liquidation math
    Liquidation incentive calculation uses incorrect rounding direction, leading to liquidators receiving 1-2 wei less per liquidation.
    ref: TOB-001
    affects:liquidationliquidator
  • [MEDIUM]

    Collateral asset registration does not require an explicit decimals check, allowing future mis-registration of non-18-decimal collateral.

    Configurator.addCollateralAsset
    No explicit decimals check during collateral registration.
    ref: TOB-002
// why this might be wrong
  • This brief was generated by a multi-pass LLM editorial pipeline. Findings reflect public source material at the time of synthesis.
  • Confirm against the original audit firm source before acting on any individual finding.
  • Severity classification has been normalized across firms — the source firm uses its own scale.