Binance Smart Chain – is BSC a secure platform?

In this article we take a look at the Binance Smart Chain blockchain platform. We cover how it integrates with Binance Chain and supports the development of dApps, together with the security considerations.

What is Binance Smart Chain?

Binance Smart Chain (BSC) is a blockchain that runs in parallel to Binance Chain (BC) – “a Parallel Binance Chain to Enable Smart Contracts”. BSC brings programmability and interoperability to BC.

BSC is defined as:

This dual-chain architecture will empower its users to build their decentralized apps and digital assets on one blockchain and take advantage of the fast trading to exchange on the other.

BC is defined as:

A fast and secure decentralized digital asset exchange based on the highly performant matching engine built on distributed consensus.

BSC communicates with BC via ‘native cross-chain communication’ using the PoSA (Proof of Stake Authority) consensus mechanism. This enables the creation of Smart Contracts for tokens on the Binance blockchain.

In short PoSA is a combination of PoS (Proof of Stake) and PoA (Proof of Authority). The primary benefit is that PoSA enables BSC users to benefit from high performance. Staking is carried out by users and validators using the BNB AltCoin and in turn they earn rewards.

It is possible for dApps to be built using both the Binance DEX and crypto assets (tokens/AltCoins) on a single blockchain. These dApps bring DeFi functionality to a CeFi platform e.g. trading, staking, financial transfers and more.

  • CeFi – Centralized Finance
  • dApps – Decentralized Apps
  • DeFi – Decentralized Finance
  • DEX – Decentralized Exchange

Binance (Smart) Chain features

BSC core features

  • EVM Compatible – BSC supports Ethereum Virtual Machine which means that any Smart Contract that is EVM compatible can be ported to BSC.
  • PoSA – 21 validators use this consensus mechanism to commit new blocks to the blockchain. Validators are chosen based on Staking and use their private keys to sign blocks with cryptographic signatures. PoSA helps support short block times and lowers processing fees.
  • Cross-Chain Transfer – the native cross chain communication protocol between BC & BSC uses two Relayers:
    • BSC Relayer – for BC to BSC communications such as:
      • Bind requests
      • Token transfers
      • Refunds
      • BSC Staking
      • Governance
    • Oracle Relayer – monitors events on BSC, then builds & broadcasts Oracle transactions to BC.
  • Block time – creating a new block within the blockchain and storing the data within it takes ~3 seconds.

BC core features

  • BEP-2 Token – this is the standard for creating and using new tokens on BC. It is similar to ERC-20 on the Ethereum blockchain in that it defines a set of rules and technical specifications for tokens to follow in order to work on BC/BSC.
  • Pegged Coins – examples of these are BEP2 BTC & BEP2 ETH, which are backed by the native currency (such as Bitcoin & Ethereum) held in reserve. These are ‘pegged’ on a 1:1 basis e.g. depositing 1 x BTC will allow the withdrawal of 1 x BEP2 BTC to a BC address (Wallet). Pegged Coins give traders on the Binance DEX access to other blockchains that are not native on BC.
  • PoS & BFT – the Proof of Stake aspect of BC uses Tendermint BFT (Byzantine Fault Tolerant) middleware for consensus and as a dedicated application layer.
  • Governance – this built-in module allows holders of BNB (Binance coin) to submit proposals for adding new trading pairs. This proposal is then voted upon by other holders of BNB. Other types of proposals can also be submitted e.g. delisting an existing trading pair.
  • Orderbook / Match Engine – this is the matching of Makers & Takers in order to fulfill orders using periodic auctions on the Binance DEX.
  • Cross-Chain Transfer – see explanation in previous section.

BSC-based solutions

Some examples of dApps that are built on top of BSC include:

  • Alpaca Finance (ALPACA) – the largest lending protocol allowing leveraged yield farming. Lenders can earn safe & stable yields by offering borrowers undercollateralized loans.
    • “Let this majestic South American mammal take your yields to new heights”
  • ApeSwap Finance (BANANA) – an AMM, yield farming & staking platform. $BANANA is the native currency that can be staked, pooled & earned.
    • “Why be a human, when you can be an ape?”
  • Biswap (BSW) – a decentralized exchange platform for swapping BEP-20 tokens and promises the lowest exchange fees of 0.1%.
    • “The First DEX on BSC network with a three-type referral system”
  • CryptoMines (ETERNAL) – a Play to Earn NFT game where Mining Power (MP) can be acquired. Workers are minted, transported by Spaceships & hired to provide MP.
    • “Sci-Fi NFT Game (Play to Earn) on Binance Smart Chain”
  • MOBOX Protocol (MBOX) – combines yield farming with gaming NFTs and is both cross chain & cross platform.
  • Pancake Bunny (BUNNY) – a yield aggregator that uses PancakeSwap. Maximizer pools are offered to obtain profits from certain pools.
    • “Bunny is a Defi Yield Farming Aggregator and Optimizer for the Binance Smart Chain and Polygon”
  • PancakeSwap (CAKE) – a DeFi AMM allowing users to exchange tokens, provide liquidity via farming, and earn rewards for staking.
    • “Trade, earn, and win crypto on the most popular decentralized platform in the galaxy”
  • Venus (XVS) – a DeFi algorithmic money market and synthetic stable coin protocol for lending & borrowing crypto assets.
    • “A Decentralized Marketplace for Lenders and Borrowers with Borderless Stablecoins”

AMM – Automated Market Maker
DeFi – Decentralized Finance
NFT – Non-Fungible Token

Is BSC secure?

Security applies in many areas and aspects of BSC:

  • Open-source:
    • the code being used to run the BSC blockchain is open-source and therefore available for 3rd party and public auditing.
  • PoSA:
    • the Proof of Stake Authority algorithm uses 21 validators to provide consensus when verifying transactions. This prevents an individual validator from gaining control over the network or corrupting blocks.
  • Threshold Signature Scheme (TSS):
    • “a cryptographic protocol for distributed key generation and signing”.
    • this is where a signature is constructed by giving each participant in a transaction a share of the private key. To sign the transaction and construct the whole private key a majority of the participants must join.
  • Validator security:
    • each validator runs on its own platform and has its own security. This diversity increases the resilience to attacks of the network as a whole.
    • DDoS (Distributed Denial of Service) attacks are a real threat for Internet-based systems so each validator is encouraged to adopt a Sentry Node architecture.
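
The threshold idea in the TSS bullet above, as an added example that is not code from Binance or from the original article. Shamir secret sharing is swapped in as a simpler technique than a full TSS protocol, and the field prime, the five participants and the key value are constructed for illustration.

```python
import secrets

PRIME = 2**127 - 1  # Mersenne prime; constructed field size for this demo

def majority(n):
    """Smallest number of participants that forms a majority of n."""
    return n // 2 + 1

def split_secret(secret, n_shares, threshold):
    """Deal n_shares points on a random polynomial of degree threshold-1."""
    if not (1 < threshold <= n_shares and 0 <= secret < PRIME):
        raise ValueError("bad threshold or secret out of range")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total

if __name__ == "__main__":
    key = 0x1234567890ABCDEF  # constructed stand-in for a private key
    shares = split_secret(key, 5, majority(5))  # 5 participants, any 3 suffice
    print(recover_secret(shares[:3]) == key)    # a majority of shares
    print(recover_secret(shares[:2]) == key)    # a minority of shares
```
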

To date BSC itself has had no security incidents and has not fallen foul of any successful hacking attempts. The security side of BSC includes the use of the items listed above together with rigorous testing using bounty programs.

Are there risks using BSC dApps?

Due to the decentralized nature of BSC, dApps that are built upon it have no centralized review process or governance. This opens up the potential for flaws in the code running these solutions, which will vary depending on the development teams working on these projects.

There are multiple BSC security companies like Peckshield and Certik that audit and verify different BSC tokens and dApps. Their security audits look for potential vulnerabilities in the code, business model, and other aspects. They also often verify the core team members, review their previous experience, or audit the project’s finance. However, these audits are not mandatory and they rarely cover new or emerging dApps.


Past exploits

Below are some past exploits of dApps built on top of BSC:

Further Information

Ever worked on Binance Smart Chain based projects or been a victim of cyber crime on one of the BSC dApps? If so, please comment below and share your experience.
