Compound Found and Fixed Critical Vulnerabilities Related to $TUSD Contracts in Audit

During a comprehensive audit of the Compound Finance protocol, OpenZeppelin reviewed a vulnerability in the cToken smart contract for TrueUSD ($TUSD) previously discovered and reported to Compound Labs by ChainSecurity. OpenZeppelin determined that the vulnerability was not limited only to Compound, but had wider implications for the DeFi community as a whole. As many as 30 DeFi protocols may have been similarly affected. If exploited, it could result in millions of dollars in losses. The patch was successfully deployed on February 23, 2022, fixing the root cause of the vulnerability with no funds lost.