BANCOR DISCOVERED CRITICAL VULNERABILITY-HACKED ITSELF TO PREVENT THEFT

BANCOR DISCOVERED CRITICAL VULNERABILITY-HACKED ITSELF TO PREVENT THEFT

...


The Bancor decentralized swap issued a smart contract with a critical vulnerability and is now hacking itself to save user funds from malicious actors.

The latest version of the Bancor decentralised exchange seems open to a very serious error that could lead to a serious loss of user funds.

According to a tweet posted by Bancor on June 18, the vulnerability affects the latest version of the BancorNetwork smart contract, which was launched on June 16.

Users who trade in Bancor and approve withdrawals to their smart contract are asked to cancel through a private website that has been approved.

The team explained that after discovering the vulnerability, they “attacked the contract as a white attack” to move the at-risk funds to a secure location. Presumably, the team used the aforementioned vulnerability to do so, meaning an attacker could have exhausted a significant portion of user funds.

Hex Capital tweeted that the issue was likely to be called “safeTransferFrom” without proper authorization. This function is one of the key elements of the ERC-20 contract as it allows an intelligent contract to withdraw a certain allowance without requiring user interaction.



Source