Compound's protocol is upgradeable via a single admin key with a 2-day timelock. Compound claims to use an "offline multi-party process" for key security.

Update (Feb 26, 2020): Compound has announced the development of a token-based governance system which would aim to eliminate the need for the admin key described here. The transition date is still TBD.

Is the security of user funds dependent on the opsec of the admin key?

Yes ⚠️

Current Admin Key Config

Timelock: 2 days

Multisig: None

Claimed Admin Key OpSec

"Offline multi-party process"

Verified Admin Key OpSec

Unverifiable ⚠️

Admin Key Address

More Info & Documentation

Open Zeppelin Audit Summary

Compound Blog Post on Governance

Compound Timelock Interface