Potential Red Flags in Bancor’s ICO?


Last week, Bancor, a blockchain startup aiming to be the standard for smart tokens, held an Initial Coin Offering (ICO) which raised over $144 million in a few hours. A recent post on Hacking, Distributed claims that Bancor’s ICO was flawed and there were a number of red flags that should have backers concerned about the company’s future.

Skyrocketing ICOs

ICOs are a hot new way for startups to crowdfund large sums of money by creating a cryptocoin and selling it to investors. They’re similar to IPOs, except that investors don’t get an actual share of ownership of the company but instead receive a token that could be exchanged later for cash. These tokens can be bought and sold on cryptocurrency exchanges and thus function very much like investments. The use of ICOs has skyrocketed recently, largely because they are relatively unregulated, which has led many experts to believe we are currently experiencing an ICO bubble.

Issues with Bancor’s Fundamental Code

The post on Hacking, Distributed was authored by Emin Gün Sirer, a self-proclaimed hacker and professor at Cornell, and Phil Daian, a first-year Ph.D. student at Cornell. For anyone doubting the analysis, not only does Professor Sirer have extensive experience researching and writing about distributed systems, but he also expertly analyzed the notorious hack on the DAO last year which led to Ethereum’s hard fork, so he clearly understands the issues at stake.

In the post, the two authors list 29 issues with Bancor’s ICO that they believe to be red flags. The issues can be broken down into 6 main categories: issues with Bancor’s fundamentals, front-running, bad math and lack of testing, integration and scale, users overpaying, and potential reentry issues. Probably the most troubling issue, however, is the fact that Bancor implemented their own math, and according to Professor Sirer: “if there’s a rounding error, one can repeatedly buy&sell at a constant price differential.” That could potentially lead to malicious attackers constantly buying and selling tokens, which would drain funds.
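The rounding concern quoted above can be expressed as a round-trip invariant that an auditor would test: buying and immediately selling must never return more than was deposited. The following is an added example, not code from the article, the Hacking, Distributed post, or Bancor; it uses a toy proportional pricing rule (not Bancor's formula), and all names and pool values are constructed for illustration.

```python
# Toy converter, integer math only (as on-chain code must use). Tokens are
# priced proportionally to reserve/supply; this is NOT Bancor's formula.

def div_floor(a, b):
    return a // b            # rounds toward the pool

def div_ceil(a, b):
    return -(-a // b)        # rounds toward the trader

class Pool:
    def __init__(self, div, reserve=1000, supply=3001):  # constructed values
        self.div, self.reserve, self.supply = div, reserve, supply

    def buy(self, deposit):
        minted = self.div(deposit * self.supply, self.reserve)
        self.reserve += deposit
        self.supply += minted
        return minted

    def sell(self, tokens):
        payout = self.div(tokens * self.reserve, self.supply)
        self.reserve -= payout
        self.supply -= tokens
        return payout

def round_trip_profit(pool, deposit):
    """Buy then immediately sell; a sound pool never returns more than it took."""
    return pool.sell(pool.buy(deposit)) - deposit

def simulate(div, rounds, deposit=1):
    """Repeat the round trip; return (trader's total profit, final reserve)."""
    pool = Pool(div)
    profit = sum(round_trip_profit(pool, deposit) for _ in range(rounds))
    return profit, pool.reserve

def worst_case(div, deposits=range(1, 201)):
    """Invariant check: largest single round-trip profit on a fresh pool."""
    return max(round_trip_profit(Pool(div), d) for d in deposits)

if __name__ == "__main__":
    print("floor:", simulate(div_floor, 100), "worst", worst_case(div_floor))
    print("ceil: ", simulate(div_ceil, 100), "worst", worst_case(div_ceil))
```

With rounding toward the pool the invariant holds for every deposit tested; with rounding toward the trader each round trip leaves the reserve one unit lower, which is the constant differential the quote describes.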

There was actually a debate between the other author of the article, Phil Daian, and Nick Johnson, one of the Ethereum coders who audited Bancor’s code, in a Reddit thread. The back and forth between the two actually gives hope that Bancor’s ICO wasn’t all bad. Yes, there were flaws, but at least Bancor is aware of them and can hopefully now do something about them. Still, for the investors who bought coins from Bancor’s ICO, there may be some justified cause for concern. Given many experts’ belief that the ICO market is a bubble ready to burst, we might see more and more ICOs with similar red flags.

 



  • Afee Bin

    More anti-Bitcoin articles, Typical fear mongering. Remember all the anti-Bitcoin articles in 2014? Well if you would have listened to those you’d have been DEAD wrong!

    • Jonathan Nieh

      Hi Afee,

      While I appreciate the comment, I don’t think Prof Emin’s article was anti-Bitcoin at all. Sure he had some criticisms of Bancor which runs on a similar technology as Bitcoin, but he wasn’t saying all cryptocoins are bad. Plus he ended the article on a positive note, giving hope to the fact that future ICOs can learn from some of Bancor’s flaws and even the possibility of Bancor’s flaws eventually being fixed.

  • Jake Vartanian

    “according to Professor Sirer: “if there’s a rounding error, one can repeatedly buy&sell at a constant price differential.” That could potentially lead to malicious attackers constantly buying and selling tokens which would drain funds.”

    This is the case with all exchanges. Being able to place orders with a tight spread is a good feature. It wouldn’t drain the reserve at all because a CRR is repriced at every block based on amounts coming in/out of the smart token contract.

    It would be helpful if the other side of this was addressed too. I think Bancor made a pretty solid rebuttal to this: https://blog.bancor.network/this-analysis-of-bancor-is-flawed-18ab8a000d43

    • Jonathan Nieh

      Thanks for the comment Jake. I do plan on writing about Bancor’s response.

  • Luke Saunders

    The point in the critical article about reimplementing math is wrong. From Bancor’s rebuttal https://blog.bancor.network/this-analysis-of-bancor-is-flawed-18ab8a000d43

    > Counter to what is written here, we only implemented exponentiation, simply because a rational exponent isn’t natively implemented in Solidity and there isn’t any common battle tested implementation.

    and

    > It’s not a ‘reimplementation’ if no implementation exists.

    Where possible they used standard and safe math implementations, so I don’t see how they could have done better here.

  • Crypto Freeman

    Even respected people like Professor Emin can be wrong. Just read the answer to all his concerns! https://blog.bancor.network/this-analysis-of-bancor-is-flawed-18ab8a000d43