Binance Smart Chain (BSC) was introduced as a blockchain parallel to Binance Chain in September 2020. It enabled the creation of smart contracts and a staking mechanism for the native token of both blockchains, Binance Coin (BNB).
In the short nine months of its existence, there have been a multitude of decentralized finance projects, DeFi for short, built on top of it, but there have also been numerous cases of hacks in blockchain protocols.
The latest victim in the line of exploits is the Spartan protocol. The synthetic assets liquidity platform was the target of an attack that caused a loss of $ 30 million to the log on May 2. According to blockchain security firm PeckShield, The hack allowed the malicious actors to inflate the balance of a particular liquidity pool and burn liquidity provider tokens for a significant number of cryptocurrencies that were in the pool. This is also known as Flash Loan Attack or Flash Loan Attack in Spanish.
Cointelegraph discussed the root cause of this hack with Michael Perklin, head of computer security for ShapeShift cryptocurrency trading platform, who said: “The main cause of the Spartan hack appears to have been an error in the order of operations in the smart contract“adding:
“Just as Spartan contracts were planned, some deals were done sooner after the pool liquidity was updated than before, so attackers could control the price of tokens in the pool based on their deposits.”
According to rect The Spartan Protocol hack is the sixth largest DeFi hack in the history of the domain. Three of the six main exploited value hacks were performed in BSC protocols, the other two are Uranium Finance and Meerkat Finance hacks. In addition to these hacks, it even offers the main DeFi protocol from BSC, PancakeSwap and Cream Finance They were used in phishing attacks to steal money.
In the Uranium Finance hack on April 28, $ 50 million was stolen from the automated market-making platform. The hacker took advantage of a bug in the logic of the uranium balance modifier to multiply the project balance by 100. This was the platform’s second hack in quick succession. The first was on April 10th when the hacker stole $ 1.3 million from the log. Because of this hack, the protocol was migrated to iteration v2 of its code.
In the “Meerkat Finance” exploit, users lost $ 31 million on the platform because the developers allegedly carried out “rug pull” in Spanish. A carpet pull is a type of scam that withdraws support from pools of liquidity within the decentralized market.
Lack of due diligence and decentralization
BSC is a chain that is compatible with the Ethereum Virtual Machine. This means that the network is essentially using logic similar to that of the Ethereum blockchain. However, The main difference is the decentralization. BSC is pretty centralized and uses an Authorized Proof of Stake consensus algorithm.
Instead of having validators across the network – as is the case with Ethereum – BSC has 21 validators who are selected from the network and are responsible for the network status and validation responsibility. With only 21 validators on the network, it is very centralized compared to other blockchains.
The blockchain trilemma, a term coined by Ethereum co-founder Vitalik Buterin, describes the improbability of a blockchain that has the following three properties: Decentralization, security and scalability. Essentially, this means that improving one of these three aspects would mean that the other two aspects would be compromised to some extent.
Since BSC seems to jeopardize the decentralization aspect, it may also mean that there should be several sources of error that hackers want to exploit. Marie Tatibouet, Gate.io Marketing Director â ???? a cryptocurrency exchange – said Cointelegraph: “Centralized exchanges and channels are much riskier than their decentralized counterparts because of their inherent structure. A decentralized system distributes its risks over the entire network and reduces structural weaknesses.“”
Because the BSC is a public and unlicensed infrastructure, developers can create and deploy DeFi logs without censorship. The responsibility for understanding the risks posed by DeFi protocols in the network therefore rests even more with the users. Martin Gasper, CrossTower Research Analyst A Digital Asset Exchange – told Cointelegraph:
“An important consideration for BSC protocols is that they are relatively new compared to many well-known Ethereum DeFi protocols that have withstood the test of time and many audits of their code. Newer projects at BSC may have their code written as well from less experienced developers, which creates additional risks for users who deposit cryptocurrency with them. “
Although the DeFi protocols smart contracts were tampered with and exploited in the above hacks, this is not really reflected in the security loopholes inherent in the BSC network. Cointelegraph contacted Binance for their thoughts on these attacks. Although refusing to comment on the specific hacks, the exchange rep compared them to Ethereum in the early stages of DeFi, making users accountable. Binance spokesman said:
“In the ICO boom of 2017, several ICOs and projects built on Ethereum were fraudulent and many were vulnerable to attack. This does not mean that the Ethereum blockchain has security flaws, just that investors do not know that they are pleased are prey for project security breaches. New retail users have not adequately assessed their risks. “
However, ConsenSys Labs, a blockchain technology company that powers the Ethereum infrastructure, maintains a Smart Contract Best Practices page from Ethereum, which lists several known attacks and other key aspects of the Smart Contracts being deployed. However, There is no similar page for BSC.
Tatibouet also believed that “lack of care” caused these hacks regarding the centralization of BSC. “They give the go-ahead for hundreds of projects every week. Because of their centralized approach, they simply don’t have the staff to do the necessary reviews.” He also noted that Uranium Finance didn’t even reveal which company had reviewed its code, which in itself should have been a big red flag.
BSC’s growth is due to gas prices at Ethereum
Ethereum has faced the problem of high gas rates in the past few months. Because of this, several users have stopped using DeFi applications on the network. In comparison, because of its centrality, BSC has significantly lower gas rates and faster block generation than Ethereum. Ethereum gas prices topped 300 Gwei so far in May after Berlin’s hard fork that reportedly cut gas prices. In comparison, BSC’s gas prices are extremely low and the average gas price is currently 6.6 Gwei.
It is this difference in gas prices that has led several DeFi protocols and retail investors to this network. The Binance spokesman added, “Developers can worry less about costs and focus more on innovation. Higher transaction speeds and lower transaction costs have accelerated their usefulness since their launch last year ± or most recently.”
On May 9, BSC’s daily transactions hit their all-time high of 9.7 million, as did Ethereum’s daily transactions on the same day, where they hit their all-time high of 1.7 million. That is almost six times the Ethereum transactions. This is a sign of the increasing adoption of the BSC network as more and more DeFi protocols use it. When comparing between The two networks, however, meant Gasper
“There seems to be relatively little innovation at BSC, as many of the network’s projects are modeled on Ethereum’s main DeFi protocols. Ethereum also has a wider range of products and more developers working on it and in products for it in relation to BSC “.
The total blocked value (TVL) for the English acronym on the BSC network is currently nearly $ 46 billion, up 60% from the TVL of $ 28.6 billion a month ago. Given the increasing adoption of BSC, due to its centralized approach and lack of diligence, it is very important that users exercise caution and do thorough research before investing in internet hosted logs.