Launched in September 2020, Binance Smart Chain (BSC) is a public chain running in parallel with Binance Chain. It adds smart contracts and a staking mechanism for the two chains’ native token, Binance Coin (BNB).
In just nine months, many decentralized finance (DeFi) projects have been built on it, but there have also been multiple incidents of protocols being hacked.
The most recent attack was on Spartan Protocol, a liquidity platform for synthetic assets, which lost $30 million on May 2. According to blockchain security firm PeckShield, the attack allowed the hacker to manipulate the balances of specific pool accounts and then provide liquidity to those pools in order to acquire tokens. The attack was carried out using a flash loan, so it is also known as a flash loan attack.
Michael Perklin, chief information security officer at crypto trading platform ShapeShift, explained the cause of this hack to Cointelegraph. He believes the root cause of the Spartan attack appears to be a mistake in the order of operations in the smart contract.
“The way the Spartan contract is programmed, certain operations are executed after rather than before updating the pool’s liquidity, which allows the attacker to control the price of tokens in the pool based on their deposits.”
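As an added illustration (not Spartan’s contract and not code from the article), the following constructed Python model shows the class of ordering bug Perklin describes: a pool that prices a withdrawal from its live token balance and reconciles its accounting only afterwards lets a direct deposit move the per-unit payout, while a pool that prices from its recorded reserve and updates its accounting before tokens leave does not. The account names and amounts are assumptions.

```python
from dataclasses import dataclass, field

# Constructed toy model of a single-token pool: an illustration of the
# accounting-order bug described above, not Spartan's contract.
@dataclass
class Pool:
    reserve: int = 0        # balance the contract has recorded
    balance: int = 0        # tokens actually held (direct transfers land here)
    total_units: int = 0    # LP units outstanding
    units: dict = field(default_factory=dict)

def add_liquidity(pool: Pool, who: str, amount: int) -> int:
    """Mint LP units proportional to the recorded reserve, then record the deposit."""
    minted = amount if pool.total_units == 0 else amount * pool.total_units // pool.reserve
    pool.balance += amount
    pool.reserve += amount
    pool.total_units += minted
    pool.units[who] = pool.units.get(who, 0) + minted
    return minted

def remove_liquidity_vulnerable(pool: Pool, who: str) -> int:
    """Bug: payout derived from the live balance, which any caller can inflate
    with a direct transfer; the reserve is reconciled only after the payout is fixed."""
    units = pool.units.pop(who, 0)
    payout = units * pool.balance // pool.total_units
    pool.total_units -= units
    pool.balance -= payout
    pool.reserve = pool.balance          # reconciliation comes too late
    return payout

def remove_liquidity_safe(pool: Pool, who: str) -> int:
    """Fix: payout derived from the recorded reserve, and the accounting is
    updated before tokens leave; stray balance is never priced in."""
    units = pool.units.pop(who, 0)
    payout = units * pool.reserve // pool.total_units
    pool.total_units -= units
    pool.reserve -= payout
    pool.balance -= payout
    return payout

def payout_after_donation(donation: int, safe: bool) -> int:
    """Two equal LPs; the second sends `donation` tokens directly to the pool
    (balance moves, reserve does not), then withdraws its units."""
    pool = Pool()
    add_liquidity(pool, "alice", 1_000)
    add_liquidity(pool, "bob", 1_000)
    pool.balance += donation             # raw transfer, bypasses add_liquidity
    fn = remove_liquidity_safe if safe else remove_liquidity_vulnerable
    return fn(pool, "bob")
```

With no direct transfer both paths pay out 1,000 for 1,000 units; with 500 tokens sent directly, the vulnerable path pays 1,250 while the fixed path still pays 1,000, which is the kind of deposit-driven price movement the quote describes.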
According to Rekt, the Spartan attack is the sixth largest DeFi attack in the space. Three of the top six hacks by value occurred on BSC protocols; the other two were the attacks on Uranium Finance and Meerkat Finance. In addition to these hacks, top DeFi protocols on BSC such as PancakeSwap and Cream Finance have also been threatened by hackers.
In the hack of Uranium Finance on April 28, $50 million was stolen from the automated market maker platform. The hackers used an error in Uranium’s balance modifier logic to increase the project’s balance by a factor of 100. It was not the first time: on April 10, hackers stole $1.3 million from the protocol, and as a result of that hack the protocol was migrated to the v2 iteration of its code.
In the Meerkat Finance breach, users lost $31 million on the platform due to an alleged “rug pull” by the developers. A rug pull is a common scam in which assets are drained from liquidity pools on decentralized trading markets.
Lack of due diligence and delegation of authority
BSC is compatible with the Ethereum Virtual Machine, which means the network essentially uses logic similar to the Ethereum blockchain. The main difference, however, is decentralization: BSC is highly centralized and uses a proof-of-stake consensus algorithm.
Instead of network-wide validators (as Ethereum has), BSC has 21 validators selected from the network, which are responsible for the operational status and validation duties of the network. Having only 21 validators makes it highly centralized compared to other blockchains.
The term “blockchain trilemma”, coined by Ethereum co-founder Vitalik Buterin, describes the difficulty of a blockchain achieving all three of the following characteristics at once: decentralization, security and scalability. In essence, improving one of these three aspects means the other two are compromised to some degree.
Therefore, since BSC appears to compromise on decentralization, hackers may be able to exploit the resulting weaknesses to launch attacks. Marie Tatibouet, chief marketing officer at cryptocurrency exchange Gate.io, told Cointelegraph: “Centralized exchanges are much riskier than decentralized exchanges because of their inherent structure. A decentralized system spreads the risk across the network and reduces structural weaknesses.”
Because BSC is a public, permissionless infrastructure, it allows developers to build and deploy DeFi protocols with zero scrutiny. As a result, the responsibility to understand the risks associated with DeFi protocols on the network falls more heavily on the user. Martin Gasper, research analyst at digital asset exchange CrossTower, told Cointelegraph:
“The main problem with BSC protocols is that they are relatively new compared to many of the well-known Ethereum DeFi protocols, which have stood the test of time and multiple reviews of their code. Newer projects on BSC may also have code written by less experienced developers, which poses additional risks for users storing cryptocurrencies with them.”
While the DeFi protocols’ smart contracts were tampered with and exploited in the aforementioned hacks, this does not really reflect security vulnerabilities inherent in the BSC network itself. Cointelegraph reached out to Binance to get its take on these attacks. While declining to comment on specific hacks, exchange representatives did compare the situation to Ethereum’s early DeFi days, placing the blame on users.
A Binance spokesperson said:
“During the ICO boom of 2017, multiple ICOs and projects on Ethereum were scams and they were vulnerable to attacks; this does not mean that the Ethereum blockchain has security vulnerabilities, it just shows the lack of awareness among investors who fell victim to the security vulnerabilities of the projects. Newly admitted retail investors are not properly controlling their risk.”
That said, ConsenSys Labs, a blockchain technology company that supports the Ethereum infrastructure, maintains an “Ethereum Smart Contract Best Practices” page that lists various known attacks and other important aspects of smart contracts deployed on the network. No such page is maintained for BSC.
Tatibouet further believes that a “lack of due diligence” led to these hacks, which she links to BSC’s centralized nature. “They green-light hundreds of projects every week. Because of the centralized approach, they simply don’t have the manpower to do the necessary checks.” She also points out that projects raising funds often do not even disclose which company audited their code, which in itself should be a major red flag.
BSC’s growth attributed to Ethereum’s gas fees
Ethereum has been facing the problem of high gas fees in recent months. As a result, some users have given up using it because they cannot tolerate the congestion of DeFi apps on the network. In contrast, BSC has lower gas fees and higher throughput than Ethereum due to its centralized nature. After the Berlin hard fork, Ethereum’s gas fee has so far exceeded 300 Gwei. By comparison, BSC’s gas fee is very small, with a current average gas price of 6.6 Gwei.
It is this difference in gas prices that has led multiple DeFi protocols and retail investors to move to the BSC network. A Binance spokesperson further commented: “Developers can worry less about cost and can focus more on innovation. Since its launch last year, faster transaction speeds and lower transaction costs have accelerated its adoption.”
On May 9, BSC’s daily transaction volume hit an all-time high of 9.7 million, and Ethereum’s daily transaction volume hit an all-time high of 1.7 million on the same day. That is almost six times the number of Ethereum transactions. This marks the growing adoption of the BSC network as more and more DeFi protocols continue to use it. However, comparing the two networks, Gasper argues:
“There seems to be relatively little innovation on BSC, as many projects on the network are modeled after the top DeFi protocols on Ethereum. Also, compared to BSC, Ethereum has a broader product suite and there are more developers working on that suite and its products.”
Currently, the total value locked (TVL) in the BSC network is close to $46 billion, up 60 percent from a TVL of $28.6 billion a month ago. The adoption of BSC is growing, but due to its centralized approach and lack of proper due diligence, users should always exercise caution and conduct thorough research before investing.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/as-tvls-and-transaction-volumes-increase-the-coin-smartchain-bsc-is-under-threat-of-hacking/