Bancor implements an AMM exchange protocol with flash loan functionality. The reviewed Bancor v3 tries to mitigate any impairment loss for liquidity providers instantly, has an “Omnipool” for BNT liquidity providers that is used to trade against all other tokens. All tokens can be provided single-sided. In contrast to the previous version, it also has no liquidity caps in the pools.
The most critical subjects covered in our audit were security and functional correctness issues. Most severe is an Oracle Manipulation. All raised issues have been fixed accordingly or were acknowledged by Bancor. The review of any economic principles or business logic is excluded in our technical reviews.
In summary, we find that the codebase provides a good level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. Especially, for project of this size, they complement but don’t replace other vital measures to secure a project.