On July 8th, 2018, reports emerged that a security breach in the Bancor (BNT) contract resulted in the loss of $23.5 million in funds. According to the Bancor team, “a wallet used to upgrade some smart contracts was compromised”. While there is no guaranteed way to protect a wallet’s private key, from a source code security audit perspective the loss of funds is fundamentally due to functionality granted to token admins that should have been flagged as a vulnerability.
The TL;DR is that the Bancor admin account was hacked, thus leading to the transfer of tokens (worth millions of dollars) which were held but not owned by Bancor, to another address.
The longer version is that a compromised wallet address, given the name Fake_Phishing1701, obtained owner permission during the contract upgrade. Then, in a following transaction, Fake_Phishing1701 transferred 22,000 ETH out of the TokenHolder contract, which is owned by the Bancor team, to the hacker’s personal address.
In Bancor’s smart contract implementation, there is a TokenHolder that was designed to temporarily hold the customers’ tokens to be eventually exchanged.
However, as we can see from the code (snippet provided below), it gives the contract’s owner the ability to transfer the entire balance from TokenHolder to any address. This effectively means that people don’t really own the tokens in their Bancor wallet; rather, the Bancor admin can easily transfer the money out of the account at any time.
This is a severe design flaw in centralized administrative controls, since the Bancor team is granted god-like privileges to transfer funds in TokenHolder contracts that belong not to Bancor but to the account holders. As a result, Bancor wallet users lost $23.5 million USD worth of ETH and other cryptos.
How CertiK could help surface overprivileged vulnerabilities in smart contracts
To prevent contract owners from having more permissions than they actually need, the CertiK verification engine has a special smart label called OWNER_ONLY_TRANSFER_WARNING, which is applied to functions that can be invoked only by contract owners. Warnings on owner-only functions are extremely useful because they give smart contract owners and developers a chance to revisit the design and evaluate whether the function specification is legitimate.
Above is a short demo video illustrating the verification progress surfacing the risk for the developer to review the design. If Bancor had used the CertiK platform to verify the contracts, these warnings would have been brought to their attention so that they could redesign the token upgrade workflow, allowing them to mitigate the risk of over-privileged admin accounts that may be compromised and lead to the loss of user funds.
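To make the idea of an owner-only transfer warning concrete, here is an added example (not CertiK's engine and not Bancor's source) of a text-pattern heuristic that flags functions which are both owner-gated and move tokens or ether. The sample contract, the modifier names `ownerOnly`/`onlyOwner` and the function names are assumptions constructed for illustration; formal verification works on semantics, not regular expressions.

```python
import re

OWNER_MODIFIER = re.compile(r"\b(ownerOnly|onlyOwner)\b")  # assumed modifier names
OWNER_REQUIRE = re.compile(r"require\s*\(\s*msg\.sender\s*==\s*owner\b")
MOVES_VALUE = re.compile(r"\.(transfer|transferFrom|send)\s*\(|\.call\.value\s*\(")
FUNC = re.compile(r"\bfunction\s+(\w+)\s*\(")

# Constructed Solidity sample (hypothetical contract, not Bancor's source).
SAMPLE = """
contract TokenHolderSketch {
    address public owner;
    modifier ownerOnly { require(msg.sender == owner); _; }
    function withdrawTokens(IERC20Token _token, address _to, uint256 _amount)
        public ownerOnly
    { assert(_token.transfer(_to, _amount)); }
    function sweepEther(address _to) public {
        require(msg.sender == owner);   // inline owner check, no modifier
        _to.transfer(address(this).balance);
    }
    function deposit() public payable {}
    function transferOwnership(address _newOwner) public ownerOnly { owner = _newOwner; }
}
"""

def functions(src):
    """Yield (name, header, body) for every function that has a body."""
    for m in FUNC.finditer(src):
        open_at, semi = src.find("{", m.end()), src.find(";", m.end())
        if open_at == -1 or (semi != -1 and semi < open_at):
            continue  # interface-style declaration, nothing to inspect
        depth, i = 0, open_at
        while i < len(src):  # match braces to find the end of the body
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            if depth == 0:
                break
            i += 1
        yield m.group(1), src[m.start():open_at], src[open_at:i + 1]

def owner_only_transfers(src):
    """Names of functions that are owner-gated and move tokens or ether."""
    src = re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)  # drop comments
    flagged = []
    for name, header, body in functions(src):
        gated = OWNER_MODIFIER.search(header) or OWNER_REQUIRE.search(body)
        if gated and MOVES_VALUE.search(body):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in owner_only_transfers(SAMPLE):
        print(f"OWNER_ONLY_TRANSFER_WARNING: {name}")
```

Each flagged function is a prompt for design review: whether the owner needs that power at all, and whether it should sit behind a multi-signature wallet or a time lock rather than a single key.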
At CertiK, our mission is to give people the power to trust, and provide the world’s best formal verification platform for smart contracts. Founded by top formal verification experts and scientists from Yale University and Columbia University, CertiK provides the best scalable formal verification service in the market with the most competitive price.