Ethereum-based DEX Protocol, Bancor Network reported Wednesday that it discovered a security vulnerability in a version of its smart contract deployed two days ago. Approximately $455,349 worth of customer funds were put at risk but, but the team acted quickly to move the funds to a safe wallet and rolled out an update to prevent such occurrence in the future.
Last night, a vulnerability was discovered in a new version of the BancorNetwork v0.6 contract deployed on June 16 2020.
Any users who has traded with Bancor in the last 48hrs and given approvals to the Bancor contract, go to https://t.co/bCdpVtfPOC and revoke all approvals.
— Bancor (@Bancor) June 18, 2020
In a more detailed blog post published after the incident, Bancor explained that the “v0.6 contracts mistakenly made a safeTransferFrom function in the BancorNetwork contract public.”
“Exchange smart contracts like Bancor’s use allowance to interact with user wallets. This is a common practice used by most DAPPs. But in this case, a private function that should have been restricted to the contract alone was made public. This essentially allowed anyone to transfer tokens which were approved only for the contract to transfer,” the team added.
Bancor initiated a white hack attack to remedy the situation, and reported in the current update that “Trading within the system is now back to normal.”
Notably, this is not the first time that the Bancor Network has reported security vulnerability. The project lost $13.5 million worth of user funds to a hack in 2018 and suffered another $23 million hack last year. The latest incident is the only one in which the protocol didn’t lose user funds, a development that is fast becoming the norm for decentralized protocols.
In February, bZx, a decentralized finance (DeFi) lending protocol provider lost approximately $940,000 worth of ETH to hackers in a security exploitation. Similarly, Fulcrum lost $360,000 in ETH to a protocol manipulation by an unidentified attacker.
Your crypto deserves the best security. Get a Ledger hardware wallet for just $79!