“We have checked it and found it to be a false positive. We have adjusted our practices for future events like these.”
Quantstamp's statement on the report being a false positive.
Quantstamp recently audited five of Bancor's smart contracts and noticed some potential code flaws that could be turned into an attack in the future.
To be clear up front: the Bancor smart contract code is clean and well organized, and no immediate changes are needed, as the contracts are not under any immediate threat of attack. The two potential vulnerabilities were found in two of the five audited contracts.
The first flaw is a reentrancy issue in the BancorConverter contract, which arises when a contract makes an external call into another contract before it has finished updating its own state, so the called contract can call back into it mid-execution. According to Quantstamp, this is a real concern because it takes "little skill to exploit" a reentrancy flaw. The company even highlighted the line of code at risk, and it will be interesting to see whether or not Bancor addresses this problem soon.
The second finding is a set of ten assertion-failure warnings, that is, places where an assert statement in the contract can be made to fail. While this weak spot is not as severe as the previous one, a reachable assert is a sign that an invariant the code assumes can be violated, which could indicate other critical flaws in the contract. Quantstamp's auditors have not found any such flaws as of yet, but they did highlight several lines of code that could cause problems down the line.
Quantstamp is a security-auditing protocol for smart contracts. As a dapps platform, Ethereum itself has held up well against attack, but the dapps and smart contracts built on top of it may still contain bugs that malicious actors can exploit to cause havoc on the network. The two most notable examples are the $55 million DAO hack and the $30 million Parity wallet bug. Such incidents not only hurt the people whose funds were stolen, they also diminish the credibility of the entire ecosystem.
Bancor is a blockchain protocol that allows users to convert between different tokens directly as opposed to exchanging them on cryptocurrency markets.
The project offers a network, which we’ll discuss soon, that works to bring liquidity to the majority of tokens that lack a consistent supply/demand in exchanges. That network is built on smart contracts and a new class of cryptocurrencies that the team calls “Smart Tokens.”