Bancor exchange hacked itself to save user funds from a critical vulnerability

The decentralized exchange Bancor released a smart contract with a critical vulnerability and decided to hack itself to protect user funds from malicious actors.

Cointelegraph writes that the latest version of the decentralized exchange Bancor contains a very serious vulnerability that can lead to a significant loss of user funds.

According to a tweet Bancor published on June 18, the vulnerability affects the latest version of the BancorNetwork smart contract, which was launched on June 16.

Users who traded on Bancor and gave the smart contract permission to withdraw their funds are advised to revoke it through a dedicated website, approved.zone.

The team explained that, upon finding the vulnerability, they “attacked the contract as white hackers” and moved the funds at risk to a safe place. The team likely used the aforementioned vulnerability to do this. This means that a potential attacker could have drained a significant amount of user funds.

Hex Capital wrote that the problem arose because the “safeTransferFrom” function could be called without authorization. This function is one of the key elements of an ERC-20 contract, as it allows a smart contract to withdraw a certain allowance without requiring user intervention.

Hex Capital suggests that the team, while rescuing the funds, “was late in many points”. However, according to an investigation by the 1inch.exchange team, front-runners are to blame.
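The mechanism described above, and why revoking the approval protects a user, shown as a simplified Python model added here; it is not Bancor's contract code and not from the original article. The names Token, Network and third_party_can_move, the addresses and the balances are constructed assumptions.

```python
# Simplified model (constructed for illustration; not Bancor's contract code).
class Token:
    """Minimal ERC-20-style ledger: balances plus owner -> spender allowances."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}          # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        # The token only checks that `spender` holds enough allowance from `owner`.
        if self.allowances.get((owner, spender), 0) < amount:
            raise PermissionError("allowance exceeded")
        if self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient balance")
        self.allowances[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class Network:
    """Hypothetical exchange contract that users approve as a spender."""
    ADDRESS = "network"

    def __init__(self, restricted):
        self.restricted = restricted

    def safe_transfer_from(self, caller, token, owner, to, amount):
        # Hardened variant: only the contract itself may use the helper.
        if self.restricted and caller != self.ADDRESS:
            raise PermissionError("caller not authorized")
        # The token sees the contract as spender, whoever the caller was.
        token.transfer_from(self.ADDRESS, owner, to, amount)


def third_party_can_move(restricted, revoked):
    """Return True if an unrelated caller can move the user's approved tokens."""
    token = Token({"user": 100})
    token.approve("user", Network.ADDRESS, 100)
    if revoked:
        token.approve("user", Network.ADDRESS, 0)   # user revokes the approval
    try:
        Network(restricted).safe_transfer_from("stranger", token, "user", "stranger", 100)
    except PermissionError:
        return False
    return token.balances["stranger"] == 100
```

In this model the token contract authorizes the exchange contract as spender, so an unrestricted helper exposes every outstanding approval until the helper is restricted or the user sets the allowance back to zero.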

Front-runners “stealing” the money

The 1inch.exchange team found at least two unknown users who began copying the Bancor team's transactions as soon as they started. The bots were created to take advantage of arbitrage, and they “are unable to distinguish the possibility of arbitration from breaking,” the team writes.

However, all of the front-runners had publicly listed their contact information, which means that they will be ready to return the money. One of the front-runners has promised to return the money. The share that went to the front-runners is significant, though; the 1inch.exchange team writes:

“The Bancor team saved $409,656 and spent 3.94 ETH on gas, while the automatic front-runners seized $135,229 and spent 1.92 ETH on gas. Users assessed a total of $544,885.”

The audit did not help

In response to the incident, some community members began to ask whether Bancor had audited the new smart contracts. The announcement of the new Bancor version 0.6 noted that “a security audit was carried out”.

Although no further information was provided, the anonymous researcher Frank Topbottom reported that he found a mention of the report in a GitHub repository, which states that the security audit was conducted by Kanso Labs of Tel Aviv, where the majority of the Bancor team members are also based.

The Bancor team announced that the vulnerability was discovered by a third-party developer shortly after launch.

As Coinews reported, the vulnerability in the desktop version of the Trinity wallet was discovered after hackers gained access to the wallet's private keys. The cause of the attack may have been the services of MoonPay, a service that allowed users to buy IOTA directly.

Coinews also reported that a database of 129 million Russian drivers was offered on the darknet for only 0.3 bitcoins, or about $2900.
