Summary
Bancor implements an AMM exchange protocol with flash loan functionality. The reviewed Bancor v3 tries to mitigate any impairment loss for liquidity providers instantly, has an “Omnipool” for BNT liquidity providers that is used to trade against all other tokens. All tokens can be provided single-sided. In contrast to the previous version, it also has no liquidity caps in the pools.
The most critical subjects covered in our audit were security and functional correctness issues. Most severe is an Oracle Manipulation. All raised issues have been fixed accordingly or were acknowledged by Bancor. The review of any economic principles or business logic is excluded in our technical reviews.
In summary, we find that the codebase provides a good level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. Especially, for project of this size, they complement but don’t replace other vital measures to secure a project.
About Bancor v3
“Bancor is a decentralized network of on-chain automated market makers (AMMs) supporting instant, low-cost trading, as well as Single-Sided Liquidity Provision and Liquidity Protection for any listed token.”
ChainSecurity’s dedication, level of professionalism and technical capability during the audit of Bancor v3 were as impressive as it can get. They are definitely one of the obvious partners for current and future versions.
Yudi Levi (Bancor Chief Architect)