Last week, Bancor, a blockchain startup aiming to be the standard for smart tokens, held an Initial Coin Offering (ICO) which raised over $144 million in a few hours. A recent post on Hacking, Distributed claims that Bancor’s ICO was flawed and there were a number of red flags that should have backers concerned about the company’s future.
ICOs are a hot new way for startups to crowdfund large sums of money by creating a cryptocoin and selling them to investors. They’re similar to IPOs except investors don’t get an actual share of ownership of the company, but instead receive a token that could be exchanged later for cash. These tokens can be bought and sold on cryptocurrency exchanges and thus function very much like investments. The use of ICOs has skyrocketed recently, largely due to the fact that they are relatively unregulated which has led many experts to believe we are currently experiencing an ICO bubble.
Issues with Bancor’s Fundamental Code
The post on Hacking, Distributed was authored by Emin Gün Sirer, a self-proclaimed hacker and professor at Cornell, and Phil Daian, a first year Ph.D. student at Cornell. For anyone doubting the analysis, not only does Professor Sirer have extensive experience researching and writing about distributed systems, but he also expertly analyzed the notorious hack on the DAO last year which led to Ethereum’s hard fork, so he clearly understands the issues at stake.
In the post, the two authors list out 29 issues with Bancor’s ICO that they believe to be red flags. The issues can be broken down into 6 main categories: issues with Bancor’s fundamentals, front-running, bad math and lack of testing, integration and scale, users overpaying, and potential reentry issues. Probably the most troubling issue, however, is the fact that Bancor implemented their own math and according to Professor Sirer: “if there’s a rounding error, one can repeatedly buy&sell at a constant price differential.” That could potentially lead to malicious attackers constantly buying and selling tokens which would drain funds.
There was actually a debate between the other author of the article, Phil Daian, and Nick Johnson, one of the Ethereum coders who audited Bancor’s code, in a Reddit thread. The back and forth between the two actually gives hope that Bancor’s ICO wasn’t all bad. Yes there were flaws, but at least Bancor is aware of them and can hopefully now do something about it. Still, for the investors who bought coins from Bancor’s ICO, there may be some justified cause for concern. Given many experts’ belief that the ICO market is a bubble ready to burst, we might see more and more ICOs with similar red flags.
Have a crowdfunding offering you'd like to share? Submit an offering for consideration using our Submit a Tip form and we may share it on our site!