Bancor’s Bug Exposes Dangerously Common Practice in Ethereum DeFi
cointelegraph.com
A vulnerability discovered on Bancor on June 18 would have allowed hackers to simply drain the funds of anyone who interacted with its smart contracts. As Oded Leiba, a research engineer at ZenGo, wrote, the fund withdrawal function on Bancor’s smart contract was mistakenly set so that anyone could call it.
Warwick believes that “it is a serious issue as each new contract you give an ‘infinite approval’ to exposes you to more tail risk if the contract is compromised.” Leiba noted that over 160 addresses remain vulnerable to the bugged Bancor smart contract — presumably with no funds.
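An added example, not taken from the article or from Bancor's code: a constructed Python toy model of ERC-20 allowances, showing why an "infinite approval" leaves a user's whole balance exposed when the approved contract's withdrawal function has no caller check. All names (`Token`, `Spender`, `pull`, `alice`, `pool`) are hypothetical.

```python
UNLIMITED = 2**256 - 1  # the value commonly used for an "infinite approval"

class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}  # (owner, spender) -> remaining approved amount

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # ERC-20 rule: the calling spender may move at most its allowance.
        allowed = self.allowance.get((owner, caller), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise PermissionError("exceeds allowance or balance")
        self.allowance[(owner, caller)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class Spender:
    """Hypothetical contract that users approve to pull their tokens."""
    def __init__(self, name, token, restricted):
        self.name, self.token, self.restricted = name, token, restricted

    def pull(self, msg_sender, owner, to, amount):
        # Hardened form: only the owner may trigger a move of the owner's tokens.
        if self.restricted and msg_sender != owner:
            raise PermissionError("caller is not the token owner")
        self.token.transfer_from(self.name, owner, to, amount)

def exposure(token, owner, spender):
    """Worst-case loss if `spender` is compromised: min(allowance, balance)."""
    return min(token.allowance.get((owner, spender), 0), token.balances.get(owner, 0))

def scenario(approval, restricted):
    """Return (amount still at risk after a 100-token deposit, third party succeeded?)."""
    token = Token({"alice": 1000})          # constructed sample balance
    pool = Spender("pool", token, restricted)
    token.approve("alice", "pool", approval)
    pool.pull("alice", "alice", "pool", 100)  # Alice's own intended deposit
    at_risk = exposure(token, "alice", "pool")
    try:
        pool.pull("third_party", "alice", "third_party", at_risk or 1)
        return at_risk, True
    except PermissionError:
        return at_risk, False
```

An exact approval leaves nothing at risk after the deposit even when the contract is flawed, while an unlimited approval depends entirely on the contract's caller check holding.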