Bancor Unchained: All Your Token Are Belong To Us

Udi Wertheimer
Jun 20, 2017 · 11 min read

Did you read your smart contract?

“Smart contracts” are at the heart of the Ethereum blockchain. They are written by coders, so some people think of them as “apps”. But in reality, they aim to replace legal prose. Smart contracts can describe, for example, a set of conditions that will control who gets a pre-deposited amount of money. Or they can describe who will get to decide what happens with a pool of coins.

Reading Bancor’s contracts

A lot of ICOs use smart contracts to raise money. Bancor is one of them.

Crowdsale Unlimited

Bancor’s crowdsale went live on June 12th. Prior to its start, in a blog post, the team published the sale terms, including the following:

  • There would be a “hidden cap” for the amount of funds to be allowed in, which would be revealed when raising 80% of the cap.
  • During the first hour, called the “minimum time”, all funds would be allowed in, even if above the “hidden cap”. If the sale went over the “hidden cap” during the first hour, it would stop immediately at the end of this first hour. Otherwise, it would continue until reaching the “hidden cap”.

The crowdsale duration, in the actual contract code

The “hidden cap” was to be revealed, and set, whenever the contract owner calls this enableRealCap function, which sets the totalEtherCap variable

The safety cap is 1,000,000 ETH, until the enableRealCap function, from the previous snippet, is called by the contract owner to replace it with the “hidden cap”.

This etherCapNotReached modifier is called before every “contribution” to the sale, to assert that the total amount contributed isn’t higher than the current totalEtherCap, which is set to 1,000,000 ETH (above) until the contract owner decides to reveal the “hidden cap”.

A token full of back doors

In BancorTokenContract, the contract owner (the contract below) is allowed to disable transactions

In BancorCrowdsale, the contract owner (the Bancor team) is allowed to use BancorTokenContract (above) to disable transactions

In BancorTokenContract, the contract owner (the contract below) is allowed to issue new tokens arbitrarily

In BancorCrowdsale, the contract owner (the Bancor team) is allowed to use BancorTokenContract (above) to issue new tokens arbitrarily

In BancorTokenContract, the contract owner (the contract below) is allowed to destroy anyone’s tokens arbitrarily

In BancorCrowdsale, the contract owner (the Bancor team) is allowed to use BancorTokenContract (above) to destroy anyone’s tokens arbitrarily

How did this go by unnoticed?

For anyone who’s been in crypto long enough, this is a big no-no. How come no one noticed this?

Upgradeability

Bancor’s contracts are “upgradeable”, meaning the team can replace them with new functionality, giving themselves more power or removing power from themselves. They promise in some communications that they will gradually remove their control over the system.

The risks

As I mentioned before, I trust that Bancor’s team won’t try to misuse this backdoor. However, having so much power concentrated centrally creates a potential single point of failure. The keys held by the team could be stolen, for example. Or law enforcement could force the project to freeze or destroy tokens if they realize this is possible (and if for some reason they would suspect any wrongdoing).

Recommendations and Conclusion

  • For the Bancor project: I would recommend immediately restructuring the contracts to remove the team’s capability to freeze, issue, or destroy assets arbitrarily. Otherwise, a proper advisory should be given to investors and industry members about the existence of these backdoors, and how to mitigate their risks.
  • For exchanges: The safest route would be to delay listing BNT tokens until the team removes the backdoors. If this is not possible, at the very least inform users during the deposit process that their tokens may be frozen or destroyed by Bancor, and adapt the exchange’s system to monitor that tokens remain non-destroyed and liquid.
  • For future crowdsales: In order to be fully transparent with potential investors and users, it would be best if ICO projects shared a clear “English translation” of their smart contracts that explains step-by-step what the contract does. More than anything else, it should focus on the differences between the written terms and the contract itself, differences that sometimes have to exist.
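
The monitoring recommended to exchanges above can be done by reconciling on-chain token state against the exchange's own ledger. The following is an added example, not code from the original article or from Bancor; the snapshot fields, alert names and sample values are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Snapshot(NamedTuple):
    """Token state read at one block (field names are assumptions)."""
    block: int
    transfers_enabled: bool  # owner-controlled transfer switch
    total_supply: int        # changes when the owner issues or destroys
    wallet_balance: int      # on-chain balance of the exchange custody address

def reconcile(prev, cur, ledger_delta):
    """Compare two snapshots; ledger_delta is the net amount the exchange
    itself recorded moving into (+) or out of (-) its custody address."""
    alerts = []
    if prev.transfers_enabled and not cur.transfers_enabled:
        alerts.append("FROZEN: transfers disabled")
    expected = prev.wallet_balance + ledger_delta
    if cur.wallet_balance < expected:
        alerts.append(f"DESTROYED: custody balance short by {expected - cur.wallet_balance}")
    supply_change = cur.total_supply - prev.total_supply
    if supply_change > 0:
        alerts.append(f"ISSUED: supply grew by {supply_change}")
    elif supply_change < 0:
        alerts.append(f"BURNED: supply shrank by {-supply_change}")
    return alerts

def monitor(snapshots, ledger_deltas):
    """Walk consecutive snapshots; return {block: alerts} where any fired."""
    report = {}
    for prev, cur, delta in zip(snapshots, snapshots[1:], ledger_deltas):
        alerts = reconcile(prev, cur, delta)
        if alerts:
            report[cur.block] = alerts
    return report

# Constructed sample data, not real chain state.
SAMPLE = [
    Snapshot(100, True, 1_000_000, 50_000),
    Snapshot(101, True, 1_000_000, 52_000),   # user deposit, matches ledger
    Snapshot(102, True, 1_250_000, 52_000),   # 250,000 issued to another address
    Snapshot(103, True, 1_240_000, 42_000),   # 10,000 destroyed in custody wallet
    Snapshot(104, False, 1_240_000, 42_000),  # transfers switched off
]
SAMPLE_LEDGER = [2_000, 0, 0, 0]  # exchange's own net movements per interval

if __name__ == "__main__":
    for block, alerts in monitor(SAMPLE, SAMPLE_LEDGER).items():
        print(block, alerts)
```

A balance shortfall that the exchange's own ledger cannot explain is the signal that matters for custody: it separates an owner-side destruction from an ordinary withdrawal.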

Unchained Reports

Covering the deep dark secrets of the “blockchain industry”
