Bancor (BNT), $153M ICO from 2017, Unveils Vulnerability and Asks Users to Revoke Transaction Approvals

Thu, 06/18/2020 - 14:30
Vladislav Sopov
Bancor, one of the few ICO-funded projects that managed to built a useful product, has had a hard day. After a critical bug, users were asked to revoke approvals
Cover image via

Decentralized on-chain liquidity protocol Bancor, one of the oldest and most successful DeFi products, published an official report on a codebase bug.

Private function was made public

According to a statement from the Bancor team, the vulnerability appeared in the BancorNetwork v0.6 contracts that were deployed two days ago, on June 16, 2020.

One function of the contract, ‘safeTransferFrom’, which should have been restricted to the contract alone, was made public. As a result, this breach allowed anyone to transfer tokens approved only for certain contracts to transfer.

Image via Twitter

The team unveiled that, in order to explore the possible influence of this bug, a white-hat hack was organized. But unfortunately, two more arbitrage bots, that detected this vulnerability managed to front-run legitimate transactions with profits of $135,229.

The Bancor team has already contacted the operators of these bots and is negotiating the process of refunds in exchange for bug bounty.

Users should revoke the transaction approvals

As per the emergency statement, all Bancor users who transacted within the past 48 hours should revoke their approvals on three Bancor contracts affected by the disclosed problem. They can do so through the Bancor network itself or with the Metamask wallet.

Also, the emergency operations can be carried out manually via specially designed websites. The Bancor team released detailed instructions on how to mitigate the effects of the breach.

It is emphasized by the project that trading is now back to normal. Also, this incident won’t in any way affect the upcoming release of the Bancor V2 upgrade.

At press time, the native asset of the protocol, Bancor Network Token (BNT) is changing hands at $0.77 on major spot platforms, 8.34% down in 24 hours.

About the author

Blockchain Analyst & Writer with scientific background. 5+ years in IT-analytics, 2+ years in blockchain.

Worked in independent analysis (Crypto Briefing) as well as in start-ups (, Monoreto, Attic Lab etc.)

This site uses cookies for different purposes. Please set your preferences in Cookie Settings and visit our Cookie policy for more information on how and why cookies are used on this site. Click here for cookie policy