Bancor Invites Bounty Hunters to Peek Into Its Code Ahead of V2 Launch
As the launch of Bancor V2 draws close, the team is inviting the community to take a look at its code and report any vulnerabilities they may find.
On Friday, the project released the code for the Bancor V2 smart contracts, which feature a variety of improvements that help both the users and liquidity providers of the protocol.
At the same time Bancor is also launching a bug bounty program to incentivize the community to find bugs ahead of the launch.
While third party audits are also ongoing, the bounty ensures that the maximum number of eyes has taken a look at the code to search for vulnerabilities. Until July 30, the rewards are being boosted by 20% to a $54,000 maximum payout. The bounty will continue after the two week period, but the maximum reward will lower to $45,000.
The bounty is V2-specific and follows similar programs launched in different times after Bancor’s initial release in 2017. Bancor planned on running it before its security incident in June, the team said. Unlike previous iterations, the bounty will not be time or funds-limited.
Removing impermanent loss and more
Impermanent loss happens to liquidity providers on all existing automated money markets, or AMMs, when the prices of the assets can swing wildly between each other. This includes markets like Uniswap or Balancer, while stable assets-only markets like Curve are virtually immune.
When prices change significantly, liquidity providers will often find that the value of their stake is less than what they put in initially. The loss is “impermanent” because the price can theoretically return to the previous value and balance the loss, but in practice this may not always be the case.
Bancor V2 solves this by using an oracle to read the current market price. When it detects changes, it automatically tweaks the target balance to account for the change in value of each side of the pool. Instead of always seeking to return to a 50-50 balance, it could instead temporarily target a 52-48 balance, as an example. This removes the possibility of a “bad arbitrage that extracts value,” as Bancor’s head of growth Nate Hindman explained to Cointelegraph.
But the balance still needs to remain at 50-50 over time to ensure that liquidity providers can withdraw the same amount they put in. Several incentives ensure that this will be the case, though liquidity providers may need to wait until the system rebalances to reclaim their assets in full.
Added to this, V2 splits the single liquidity pool token into two counterparts, which allows collecting fees while only having price exposure to one asset.
Finally, Bancor users will also benefit from an improved “bonding curve” that reduces price slippage per unit of liquidity. The combination of these features could give Bancor V2 a significant edge over its peers, at least for some time.
The upgrade is being targeted for release at the end of July or early August, Hindman said.
Update: The article incorrectly assumed that Bancor’s decision to run a bounty was motivated by a recent security incident.