Bancor dealing with a vulnerability

A vulnerability has been discovered in Bancor, which is an onchain liquidity protocol for both Ethereum and EOS. The flaw is in the new smart contract v0.6 that was released a few days ago.

The Bancor protocol allows managing and integrating the liquidity of the Ethereum and EOS blockchains so that each token can have its own liquidity and create its own liquidity pool without problems.

This pool system, however, has some minor disadvantages: an imbalance between one token and another can result in a loss, which makes it inconvenient for users, as they would spend too much to rebalance the pool.

To solve this type of problem, called impermanent loss, Bancor has worked with Chainlink to develop a new system that uses this type of oracle to adjust prices, thus limiting exposure to only one token.

Obviously, such a system has to be tested, and in fact Bancor has been running tests for Bancor v2, which should arrive next month, for over 2 months.

But before releasing this update, Bancor released Bancor Network v0.6 a few days ago to prepare the groundwork for the new system.

At this point, after several tests, the new smart contract was activated a couple of days ago, on June 16th, but in the last few hours the team has detected a vulnerability (rumoured to be an unauthenticated safeTransferFrom) in the system that would have allowed an attacker to steal all the funds.

However, the funds are safe and no one has lost anything, at least according to statements on Bancor’s various social networks, which also provided a procedure to check whether a wallet was involved in the vulnerability.

All those who have interacted with these smart contracts can use this website to check.

What to do in case of vulnerability

If one of these smart contracts is found to have interacted with your wallet, press the purple “Decline for Contract” button and confirm the transaction. 

Subsequently, you must go to Bancor’s support page and open a report providing your address so that the funds can be transferred to the rightful owner.

In short, the team seems to have intervened promptly and no one has lost funds, at least for the moment.


Alfredo de Candia