Bancor Invites Bounty Hunters to Peek Into Its Code Ahead of V2 Launch

Published at: July 17, 2020

As the launch of Bancor V2 draws close, the team is inviting the community to take a look at its code and report any vulnerabilities they may find.

On Friday, the project released the code for the Bancor V2 smart contracts, which feature a variety of improvements that help both the users and liquidity providers of the protocol.

At the same time Bancor is also launching a bug bounty program to incentivize the community to find bugs ahead of the launch. 

While third party audits are also ongoing, the bounty ensures that the maximum number of eyes has taken a look at the code to search for vulnerabilities. Until July 30, the rewards are being boosted by 20% to a $54,000 maximum payout. The bounty will continue after the two week period, but the maximum reward will lower to $45,000. 

The bounty is V2-specific and follows similar programs launched in different times after Bancor’s initial release in 2017. Bancor planned on running it before its security incident in June, the team said. Unlike previous iterations, the bounty will not be time or funds-limited.

Removing impermanent loss and more

Impermanent loss happens to liquidity providers on all existing automated money markets, or AMMs, when the prices of the assets can swing wildly between each other. This includes markets like Uniswap or Balancer, while stable assets-only markets like Curve are virtually immune. 

When prices change significantly, liquidity providers will often find that the value of their stake is less than what they put in initially. The loss is “impermanent” because the price can theoretically return to the previous value and balance the loss, but in practice this may not always be the case.

Bancor V2 solves this by using an oracle to read the current market price. When it detects changes, it automatically tweaks the target balance to account for the change in value of each side of the pool. Instead of always seeking to return to a 50-50 balance, it could instead temporarily target a 52-48 balance, as an example. This removes the possibility of a “bad arbitrage that extracts value,” as Bancor’s head of growth Nate Hindman explained to Cointelegraph. 

But the balance still needs to remain at 50-50 over time to ensure that liquidity providers can withdraw the same amount they put in. Several incentives ensure that this will be the case, though liquidity providers may need to wait until the system rebalances to reclaim their assets in full.

Added to this, V2 splits the single liquidity pool token into two counterparts, which allows collecting fees while only having price exposure to one asset.

Finally, Bancor users will also benefit from an improved “bonding curve” that reduces price slippage per unit of liquidity. The combination of these features could give Bancor V2 a significant edge over its peers, at least for some time. 

The upgrade is being targeted for release at the end of July or early August, Hindman said.

Update: The article incorrectly assumed that Bancor’s decision to run a bounty was motivated by a recent security incident.

Tags
Technology
Defi
Security
Bancor
Related Posts
Venture Firm Proposes 'DeRisking as a Service' for Safe DeFi Launches
Ken Deeter, a partner at crypto venture firm, Electric Capital, proposed a pragmatic approach to ensure decentralized finance, or DeFi, projects are not exploited due to bugs in the system. In an article published on May 27 through the Electric Capital blog, Deeter calls for DeFi projects to introduce “better risk management.” This largely comes as a response to the many hacks and protocol failures that occurred in recent months, like the temporary theft of $25 million from the dForce protocol. Deeter believes that DeFi should adopt some of the established techniques in the tech industry, which makes heavy use …
Technology / May 27, 2020
Decentralized Exchange Bancor Officially Launches Upgraded V2 Platform
The Bancor project has launched a heavily upgraded version of its decentralized exchange, promising to solve what it calls “DeFi’s dirty little secret.” According to a blog post released on Friday, the contracts have been deployed to mainnet in a beta launch mode. Each pool will have its liquidity capped to $1 million until a “pool manager” permanently removes the limitation when it is confirmed safe. As Cointelegraph previously reported, the exchange mitigates the issue of impermanent loss, where liquidity providers could lose some of their money as prices for particular assets fluctuated. The solution involves a combination of incentives …
Technology / July 31, 2020
ZenGo Warns of Major Security Flaw Among DApp Wallets
Cryptocurrency wallet provider ZenGo has built a testnet to demonstrate a major security flaw prevalent among decentralized application (DApp) wallets. On March 23, ZenGo published an article highlighting that, when authorizing a specific transaction, many DApp wallets actually grant access over all of that particular token stored in the connected wallet: “As a result, if the DApp is vulnerable to a security issue or is rogue to begin with, attackers can abuse these highly excessive privileges to steal ALL of the DApp’s users holdings (in the approved tokens) without any further user consent. They can do so at any point …
Technology / March 24, 2020
Security and interoperability, the challenges ahead of Web3 mass adoption
By 2030, Web3 is expected to reach a market size of $81.5 billion, according to Emergen Research, but the industry still has challenges to overcome, including security and interoperability, said players interviewed by Cointelegraph. Interoperability, in short, provides communication between blockchains, aiming to offer a similar experience to users as Web2, hiding infrastructure complexity away and ensuring they don't have to know what solution is powering the mobile app they use, explained Derek Yoo, CEO of PureStake, a development team for the layer-1 blockchain Moonbeam. However, interoperability also brings more moving parts to any system, and security is one of …
Adoption / Oct. 6, 2022
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023