[COMP] ERC20 Token Smart Contract Domain Community Assessment

General Information

Risk Summary

  • Does the contract implement the ERC20 token standards?
    Yes, the contract implements all the required ERC20 functions.
  • Risk analysis: Low

Technical Information

  • Compiler version: v0.5.16+commit.9c3226ce
  • Decimals: 18
  • Overflow checks: Yes, the contract has custom safe integer and add functions
  • Mitigation against allowance race-condition: No, the approve function has a race condition
  • Upgradeable contract patterns: No
  • Access control or restriction lists: No
  • Non-standard features or behaviors: voting and vote delegation related functions

Formal Verification Considerations:

  • Does transfer have simple semantics? Yes
  • Does transferFrom have simple semantics? Yes
  • Can balances be arbitrarily modified by some actor? No
  • Are there any external calls? Yes, voting functions and ERC20 functions are external.

Testnet Information

Rinkeby testnet address: 0xd6801a1dffcd0a410336ef88def4320d6df1883e

Compound networks deployment information: https://compound.finance/docs#networks

Contract Logic Summary

At its core, the implementation is a standard ERC20 contract which uses the custom safe integer and add functions.
The contract also implements various voting and vote delegation functions.

Administrative Addresses

Below is a list of addresses related to token management:

delegation typehash: 0xe48329057bfd03d55e49b547132e39cffd9c1820ad7b9d4c5307691425d15adf
domain typehash: 0x8cad95687ba82c2ce50e74f7b754645e5117c3a5bec8151c0726d5857980a866

Contract Risk Summary

This is a low-risk contract. The ERC20 functions are implemented to the industry standard, although approve does have a race condition. The contract makes use of custom functions to prevent integer underflow and overflow. A number of voting functions are also implemented, as COMP is a governance token.

Contracts Description Table

| Contract | Type | Bases | | |
|---|---|---|---|---|
| └ | Function Name | Visibility | Mutability | Modifiers |
| Comp | Implementation | | | |
| └ | | Public :exclamation: | :stop_sign: | NO❗️ |
| └ | allowance | External :exclamation: | | NO❗️ |
| └ | approve | External :exclamation: | :stop_sign: | NO❗️ |
| └ | balanceOf | External :exclamation: | | NO❗️ |
| └ | transfer | External :exclamation: | :stop_sign: | NO❗️ |
| └ | transferFrom | External :exclamation: | :stop_sign: | NO❗️ |
| └ | delegate | Public :exclamation: | :stop_sign: | NO❗️ |
| └ | delegateBySig | Public :exclamation: | :stop_sign: | NO❗️ |
| └ | getCurrentVotes | External :exclamation: | | NO❗️ |
| └ | getPriorVotes | Public :exclamation: | | NO❗️ |
| └ | _delegate | Internal :lock: | :stop_sign: | |
| └ | _transferTokens | Internal :lock: | :stop_sign: | |
| └ | _moveDelegates | Internal :lock: | :stop_sign: | |
| └ | _writeCheckpoint | Internal :lock: | :stop_sign: | |
| └ | safe32 | Internal :lock: | | |
| └ | safe96 | Internal :lock: | | |
| └ | add96 | Internal :lock: | | |
| └ | sub96 | Internal :lock: | | |
| └ | getChainId | Internal :lock: | | |

| Symbol | Meaning |
|---|---|
| :stop_sign: | Function can modify state |
| :dollar: | Function is payable |

@wil I decided to publish this, but let me know if anything looks weird here.

1 Like
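
The allowance race noted under "Mitigation against allowance race-condition", modeled as an added example (not part of the original post and not the COMP contract's code). It is a toy Python ledger with hypothetical names; the compare-and-set update is an assumed mitigation for illustration, not a function COMP provides.

```python
"""Toy allowance ledger (constructed for illustration, not COMP's code)."""

class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}            # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        # ERC20-style approve: overwrites whatever allowance is left.
        self.allowances[(owner, spender)] = amount

    def safe_change_allowance(self, owner, spender, expected, amount):
        # Hypothetical mitigation: compare-and-set. Reverts if the allowance
        # the owner last read has already been (partly) spent.
        if self.allowances.get((owner, spender), 0) != expected:
            raise ValueError("allowance changed since owner read it")
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowances.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise ValueError("insufficient allowance or balance")
        self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def total_pulled(change_allowance):
    """Owner lowers the allowance 100 -> 50, but the spender's transferFrom
    is ordered first. Returns how much the spender ends up receiving."""
    t = Token({"owner": 1000})
    t.approve("owner", "spender", 100)
    # Ordered ahead of the owner's pending allowance change:
    t.transfer_from("spender", "owner", "spender", 100)
    try:
        change_allowance(t)             # owner's transaction lands second
        t.transfer_from("spender", "owner", "spender", 50)
    except ValueError:
        pass                            # reverted: nothing further moves
    return t.balances.get("spender", 0)


def overwrite(t):
    t.approve("owner", "spender", 50)

def compare_and_set(t):
    t.safe_change_allowance("owner", "spender", expected=100, amount=50)

if __name__ == "__main__":
    print("plain approve:", total_pulled(overwrite))
    print("compare-and-set:", total_pulled(compare_and_set))
```

With the overwriting approve the owner intended a ceiling of 50 but 150 leaves the account; with the compare-and-set update the second change reverts and exposure stays at the original 100.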

Awesome, again thank you, this is very helpful now that we’re preparing for the September governance cycle.

1 Like