QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
UNKNOWN
AUGUST 2017
GLOBAL
BANCOR
DESCRIPTION OF EVENTS
"The Bancor Network is a cross-chain cryptocurrency conversion platform that lets you convert between Ethereum and EOS tokens (others are in the works) without the need of a middleman or other third party. Bancor Network Token (BNT) is the intermediary token used by Bancor to initiate exchanges. It’s both an ERC-20 token and EOS token."
"Bancor is a protocol for trading and pricing Ethereum ERC-20 tokens, as well as the eponymous token, abbreviated as BNT, with the current market capitalization of approximately 180 million dollars. The core problem Bancor solves is as follows: normally, for a trade to happen, there has to be a buyer and a seller, having opposing desires (to buy and to sell) at the same moment in time. This limitation may be fine for large publicly traded stocks, but for long-tail crypto tokens this can create a serious inconvenience."
"Bancor solves this problem by allowing anyone to trade against a public smart contract, which offers an automatically calculated token price following a precise formula. Essentially, Bancor is fulfilling the role of market-makers in traditional finance. The smart contract has an Ethereum reserve, and as more people buy the token, reserves grow and the price goes up. Consequently, when people sell, the contract adjusts the price to go down, so that the reserve is never depleted entirely. Unlike most other exchanges, where trades are managed off-chain, with Bancor every order is a self-contained Ethereum transaction (money + data)."
"When somebody broadcasts a transaction on the Ethereum network, it becomes available to other nodes almost immediately as a pending transaction and is added to the common queue, but it is not confirmed until the block confirmation hash is found by some miner (thus confirming all the transactions in that block), which tends to happen once every ~20 seconds. Further, up until the block is confirmed, the order of the pending transactions is up for grabs, and miners basically sort transactions by how much they’re paid per gas (that is, per unit of computation they’ll have to perform)."
"This discrepancy creates an attack vector: any user running a full-node Ethereum client can spot a pending transaction and insert their own transaction in front of it by paying more per gas. If you see a large BUY is about to happen, you know the BNT price will increase (following their deterministic formula), so if you buy in before that transaction you get an instant appreciation of your tokens and a guaranteed return on your investment. Similarly, if somebody sent out a pending SELL, an attacker can sell their tokens in front."
"The [front-running] term originated in the stock market, back in the days when trades were executed on paper, carried by hand between the trading desks. A broker would receive an order from a client to buy a certain stock, but then place a buy order for themselves in front. That way the broker benefits from the price increase at the expense of their client. Naturally, the practice is unfair and was outlawed."
"One partial solution is to set a minReturn on trades, basically canceling your order if you realize someone squeezed in front of you. This does prevent attackers from making guaranteed money instantly, but raises the question: what is a buyer supposed to do next? The order just revealed their intention to buy, and presumably they still want their Bancor, so they’ll place another buy order sometime in the near future, which will eventually raise the Bancor price and, on average, will profit the attacker just the same."
"Yesterday, the Bancor team released a Web3 interface that implements the minReturn solution. Longer-term, and assuming perfectly intelligent adversaries, this might lead to some curious Nash equilibria (e.g. front-runners might block trades unless they are allowed a small profit margin, though a lower one than if they were front-running entirely naive users), but right now, this should solve most of the practical risk."
It's possible on a decentralized exchange for an adversary to observe the Ethereum mem-pool, see that another participant wants to make a purchase, and also decide to make a purchase at the same price.
Hence, the original purchaser would end up missing a portion of their purchase at that price, and have to pay more, depending on the liquidity.
The solution, as implemented, is to have gas prices the same for all orders, however this doesn't deal with the case where the miner places their order ahead of others.
HOW COULD THIS HAVE BEEN PREVENTED?
Traders who wish to execute their order at a given price should create a limit order, rather than executing at market price.
List of Ethereum Smart Contracts Post-Mortems - Security - OpenZeppelin Community (Jun 23)
Implementing Ethereum trading front-runs on the Bancor exchange in Python | Hacker Noon (Jun 23)
What Is Bancor Network Token? Introduction to BNT Token | Crypto Briefing (May 23)
