Bancor Got Hacked Again | A Thousand Ways to Die

CertiK | Jun 29, 2020

Article's Poster

On June 16th, Bancor deployed the BancorNetwork V0.6 smart contract, and just two days later, they discovered a serious security vulnerability in the contract functions that hackers could exploit to transfer money from the contract.

D:\微信文件夹\WeChat Files\wxid_24mgz92yqi3822\FileStorage\Temp\7745b3fced3a50ddfdad617435db352f.jpg

In a smart contract, functions can have four kinds of permissions:

  • Public: Can be called by everyone
  • External: Can only be called externally
  • Internal: Can only be called by the contract itself and by the inherited contracts
  • Private: Can only be called by the contract itself

It's important to note that when the permissions are set to public, anyone can call the function to transfer money from the contract.

Bancor’s Smart Contract Code

In line 45 of the contract, we find thesafeTransferFromfunction, which allows users to transfer money from one address to another, and the associated permissions for this function are set to public.

The CertiK team investigated further and found that the Bancor team used the following wallet addresses to withdraw money through the bug and clear the contract to prevent hackers from stealing it:

  1. 0xc8021b971e69e60c5deede19528b33dcd52cdbd8
  2. 0x14fa61fd261ab950b9ce07685180a9555ab5d665

The Vulnerability Exploit

On June 18th, two separate third party addresses spotted the vulnerability and took advantage of it to withdraw money from the contract. One of them was able to leverage the vulnerability and made 16 withdrawals for a total of $131,889.34. The ETH address and email address of the third party are:

  1. ETH address: 0x052ede4c2a04670be329db369c4563283391a3ea
  2. Email: arden43y@gmail.com

After this transfer, user Arden43y revealed that the address belonged to their trading system that could inadvertently exploit human error and contractual loopholes to obtain funds. If anyone could prove that the bot stole money, the user would agree to return the funds.

D:\微信文件夹\WeChat Files\wxid_24mgz92yqi3822\FileStorage\Temp\704b32037154638f7c8703d6eb6853d4.png

The addresses of the second third party are as follows:

  1. 0x854B21385544c44121f912AEdF4419335004F8ec
  2. 0x1ad1099487b11879e6116ca1ceee486d1efa7b00

These addresses made four withdrawals, totaling to $3,340, which would get you a tall Starbucks coffee a day, for three years.

The Response

Bancor issued an official response (see resource #1 at the end of the article for the full article) and conducted their own white-hat attack to to transfer the balance of $455,349 from the vulnerable contract to another wallet.

D:\微信文件夹\WeChat Files\wxid_24mgz92yqi3822\FileStorage\Temp\ba26d126e8edafcbc84f7945906b33de.png

The team also stated they are working with the third parties to return the money that was withdrawn.

D:\微信文件夹\WeChat Files\wxid_24mgz92yqi3822\FileStorage\Temp\6fe3a4d5156d3f2866b5a188dd6d1421.png

The Fixed Contract

Since the exploit, the contract’s functions permissions were changed from “public” to “internal” as it was intended.

D:\微信文件夹\WeChat Files\wxid_24mgz92yqi3822\FileStorage\Temp\2815492bf0203165620215f01a9d8aca.png

It only takes one small error to open up a vulnerability in a contract vulnerable, which may put many assets at risk of loss. Thankfully, the bug was not exploited by hackers, and Bancor’s users can breathe a sigh of relief knowing that their assets are safe—for now.

Vulnerabilities

Vulnerabilities that are similar to function call errors can include DOS, logic errors, unauthorized access, reentry, and integer overflow. Because blockchains and contracts are immutable, even small mistakes are not easily remedied and have the potential to cause huge property losses to both users and companies.

Therefore it’s important to review code with a comprehensive security company, like CertiK, to close all loopholes and potential vulnerabilities. A security audit is an essential part of deploying any contract.

Verify with CertiK

Fortunately, CertiK’s proprietary formal verification process validates the correctness of a smart contract through mathematical means.With an estimated $1B+ of assets stolen, this level of rigor is the only way to objectively show immunity against some of the most critical and frequent vulnerabilities.

While program testing can prove the existence of vulnerabilities, it cannot provide that a bug doesn’t exist.Formal Verification mathematically proves that code will work as intended, computing all possible scenarios.

CertiK’s years of experience and world-class team of security experts has allowed us to eliminate the .00000001% chance of being attacked. To receive a free quote for an audit, reach out to us at bd@certik.org or visit our website at www.certik.io!

Appendix:

Smart contract with vulnerabilities:

https://github.com/bancorprotocol/contracts-solidity/blob/4394c0e1d1785a71044101b1d6df57e332b73ba9/solidity/contracts/utility/TokenHandler.sol

Addresses of the flawed contract deployment:

  1. 0x8dFEB86C7C962577deD19AB2050AC78654feA9F7
  2. 0x5f58058C0eC971492166763c8C22632B583F667f
  3. 0x923cAb01E6a4639664aa64B76396Eec0ea7d3a5f

The revised smart contract:

https://github.com/bancorprotocol/contracts-solidity/blob/master/solidity/contracts/utility/TokenHandler.sol

Resources:

  1. https://blog.bancor.network/bancors-response-to-today-s-smart-contract-vulnerability-dc888c589fe4
  2. https://github.com/bancorprotocol/contracts-solidity/blob/4394c0e1d1785a71044101b1d6df57e332b73ba9/solidity/contracts/utility/TokenHandler.sol#L45
  3. https://explore.duneanalytics.com/public/dashboards/mEUEd9rQCPjeMkryEIgbtC0YUZwOXESQPTkkqdPX
  4. https://explore.duneanalytics.com/public/dashboards/mEUEd9rQCPjeMkryEIgbtC0YUZwOXESQPTkkqdPX