Back to Vulnerability database

Bancor front-running attack

ID Submit date Publish date Author Score
1 10.25.2018 10.25.2018 6.6

Decription

Bancor is fulfilling the role of market-makers in traditional finance. The smart contract has an Ethereum reserve, and as more people buy the token, reserves grow and the price goes up. Consequently, when people sell, the contract adjusts the price to go down, so that the reserve is never depleted entirely. Unlike most other exchanges, where trades are managed off-chain, with Bancor every order is a self-contained Ethereum transaction (money + data). Unfortunately, the current setup contains a flaw, allowing anyone to front-run large transactions and make a guaranteed profit. Vector: BVSS:1.1/B:N/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:M/AI:N

Component

Smart contract

Platform

Ethereum

Subclass

Front-running

Comments