Quantstamp Discovers Two Big Flaws in Bancor’s Smart Contract

Even though smart contracts are a massive improvement in the world of blockchain technology, their code often leaves much to be desired. Every smart contract needs proper auditing, yet it seems few companies are actually pursuing this option right now. Quantstamp recently took a look at Bancor’s smart contract and noticed some discrepancies.

The Bancor Smart Contract Issues

To put everything into its proper perspective, the Bancor smart contract is not under immediate threat as of right now. Most of the code is well-written and does not warrant any changes whatsoever. However, Quantstamp did identify two vulnerabilities which the team will need to look into sooner rather than later. For the five contracts being audited, only a few aspects triggered an official warning.

Quantstamp is doing the entire blockchain industry a favor by properly analyzing all of these smart contracts. The last thing anyone needs is another repeat of The DAO, with millions of dollars worth of funds being lost or stolen and necessitating another Ethereum hard fork. For Bancor, it seems addressing these issues will not be much of a problem, assuming they take this feedback to heart.

The two vulnerabilities discovered by Quantstamp are well worth taking notice of, though. The first flaw occurs when the BancorConverter contract executes the state of another contract. According to Quantstamp, this can create a problem, as it takes “little skill to exploit” the reentrancy flaw. The company even highlighted the line of code which is at risk, and it will be interesting to see whether or not Bancor addresses this problem soon.

Moreover, a total of ten warnings arose in the assertion failure department of this smart contract. While this flaw is not as severe as the previous one, it could hint at other critical vulnerabilities in the smart contract. Quantstamp has not found any of those flaws as of yet, but they did highlight several lines of code which could cause problems down the line.

This information needs to be taken at face value, even though it’s still up to the Bancor team to review this report and act upon it. While discovering potential smart contract vulnerabilities is a positive development, it goes to show that audits like these should have happened weeks, if not months ago. Any company relying on this technology needs a proper independent audit at some point. Why so few companies decide to pursue this option will always remain a mystery.

It will be quite interesting to see what Quantstamp’s other investigations turn up. With so many smart contract-based projects raising millions of dollars, it is evident that looking over everything with a fine-tooth comb is more than warranted at this stage. Pointing out the flaws found in various smart contracts is of the utmost importance in this industry, although no one can force companies to take such advice to heart.

Source: Read Full Article

Leave a Reply