Compound Asset Listing

In collaboration with Compound, OpenZeppelin has developed a structured procedure for listing assets. This method, intended to address the security risks of Compound, derives from a comprehensive review of past asset listing proposals, community discussions, and processes adopted by other protocols. The resulting process includes a detailed checklist for security risk assessment and a sequential guide for asset listing proposals.

Users looking to implement this process must initially refer to the Process Guide, which outlines secure asset listing management from beginning to end. Gauntlet offers a complimentary Market Risk Assessment Framework within this process. The checklist is a tool for sharing necessary information with the community, marking the first step in the Asset Listing Process. An understanding of the risks is crucial, as it helps to comprehend the logic behind the checklist, process, and potential issues in integration.

The primary aim was to develop a preliminary procedure for the community to follow while securely listing assets. Feedback and improvements from the community are welcomed and encouraged. An initial objective was to list main exploration results and summarize known risks of the Compound protocol. A Risks document was produced, focusing on risks related to interaction with external assets. This document serves as a guideline for anyone evaluating new asset listings, detailing each risk category and possible mitigation through existing designs.

Post risk analysis, it was recognized that the specific risks associated with an asset must be taken into account during its listing. Hence, a checklist of queries and information requests was created for use during the asset listing process. This checklist aims to address all concerns specific to each asset and its integration. Before proposing an asset listing, the proposer must review this checklist and provide the requested information for a community check on potential integration issues. The final part of this process involves reviewing the risks, completing the checklist, and following other intermediate steps.

This effort intends to establish a secure and structured asset listing process, adaptable to community feedback and enhancements over time. Suggested improvements for the future include automated integrations for mandatory checklist completion, auto-completion of the checklist to ease proposal submission, modifications to the checklist based on community needs, improvements in tooling, formal processes for community member roles in checklist verification, and creation of a scoring framework.