Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»Catalyst: Generalized Incentive Audit Summary
HACKING NEWS

Catalyst: Generalized Incentive Audit Summary

By Crypto FlexsJune 6, 20244 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Catalyst: Generalized Incentive Audit Summary
Share
Facebook Twitter LinkedIn Pinterest Email

catalyst It enables direct atomic exchanges between different blockchains such as Ethereum, Cosmos and rollups such as Optimism and Eclipse, eliminating the need for bridge assets.

Catalyst’s Incentive Message Escrow Protocol serves as an abstraction layer between arbitrary message bridges and the applications that use them. This allows applications to send messages across the chain in a trustless manner. This protocol is designed to be chain-agnostic. This means that it can be used on any blockchain that is compatible with EVM.

Revision 1.0

Catalyst hired Ackee Blockchain to conduct a security review of the Generalized Incentives protocol, donating a total of 10 days of engineering time from April 15 to April 26, 2024, with Andrey Babushkin as lead auditor.

Revision 1.1

After discussing the issue with the ‘MessageDelivered’ event, it has been reclassified from a warning to a medium severity issue because insufficient information in the logs could lead to a denial of service for certain messages.

Revision 1.0

We began our review using static analysis tools, including: wake up. We then took a closer look at the logic of the contract. For testing and fuzzing we use wake up Test framework. To test the fee calculation arithmetic when the time delta is set, we performed a fuzz test using Wake (Appendix C). This fuzz test helped us identify the floating timestamp issue (L2).

During the review process, we paid special attention to the following:

  • Verifies that the message payload is sent and validated correctly.
  • Verify that the system’s calculations are correct,
  • List all entry points into the contract and possible abuse scenarios;
  • Verifies integration with Wormhole and IBC protocols,
  • I’m looking for common problems like data validation.

Revision 1.1

Revision 1.1 involved a manual review of contract changes and corrections to issues discovered in previous reviews.

Revision 1.0: Audit was initially performed on commit e410087.

Revision 1.1: Each issue has been reviewed for individual commits (see full audit report).

We present our findings here.

critical severity

C1: Fake Escrow can craft an ACK packet with messageIdentifier and withdraw all bounties.

medium severity

M1: Fee recipient address is not verified against 0 address.

M2: Insufficient validation of disabled paths may result in Ether being locked.

M3: The MessageDelivered event is used for both successful and failed calls.

low severity

L1: Because the block gas limit is different for each chain, large messages may not be delivered.

L2: Unfair fee distribution due to floating blocks. Timestamp

Using L3: Transfer and Transmit may render escrow unavailable to smart contract intermediaries.

warning severity

W1: solc optimizer usage warning 1.0 confirmed

W2: block.timestamp may vary from chain to chain.

W3: If the time difference is too small or too large, the fee distribution becomes unfair.

W4: If you under-gas your call, your messages may not be delivered and your assets may be locked.

W5: The application has not been verified as a smart contract.

W6: Paying a maximum gas fee for timeouts can incentivize relayers not to forward messages.

W7: Gas consumption values ​​recorded in True and Event are different.

W8: Relayers are not protected from malicious escrows on the target chain.

W9: Compiler bug may result in dirty storage bytes

Information Severity

I1: Unused declaration information 1.0 checked

I2: Improved protocol documentation

I3: Maximum line length usage information 1.0 confirmed

Our review resulted in 19 findings ranging from Severe to Informational severity.

Any serious issues discovered were addressed appropriately by the Catalyst team. The main focus was on contract changes and corrections to issues discovered in previous reviews. The review was conducted by Andrey Babushkin. Please refer to revision 1.1 for a review of the updated codebase and any additional information deemed essential to the current scope. Of the 19 results, 8 were revised and the rest were accepted.

Recommendation

Ackee Blockchain recommends Catalyst.

  • Pay special attention to data validation of payloads and input parameters.
  • Addresses issues with undeliverable messages and locked tokens.
  • Consider using the latest version of the Solidity compiler.
  • Addresses all other reported issues.

You can find Ackee Blockchain’s full Catalyst audit report, which includes a more detailed description of all findings and recommendations. here.

We were delighted to thank Catalyst and look forward to working with them again.

final note

After donations were made over a given period of time and all reported issues were corrected, the audit team found no issues that could have resulted in loss of funds or other catastrophic results. The audit team’s confidence is based on manual reviews and fuzzy testing models.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

KuCoin unveils Celestia Stage as Tomorrowland Belgium 2026 partnership expands

July 18, 2026

Videos and Podcasts | Vault 12

July 14, 2026

Kresus launches cryptocurrency inheritance service for self-managed wallet users.

July 12, 2026
Add A Comment

Comments are closed.

Recent Posts

ETA CEO Expects More Partnerships with Bitcoin Startups in the Future

July 19, 2026

FTX plans to pay $900 million to creditors when the fifth distribution begins on July 31.

July 18, 2026

KuCoin unveils Celestia Stage as Tomorrowland Belgium 2026 partnership expands

July 18, 2026

The next chapter for XRP price could be a strong move to the upside

July 18, 2026

What is it and why is it negative?

July 18, 2026

Numerai Completes Third Strategic NMR Buyback, Bringing Total Repurchases To $3.2 Million

July 17, 2026

As open interest rose and oversold conditions intensified, PI’s eyes rallied.

July 17, 2026

Ether.fi Partners With Nexus Mutual To Protect Against ETH Slashing At Institutional Scale

July 17, 2026

MEXC Adds Five Ondo Tokenized Stocks Spanning Semiconductors To Power Infrastructure

July 17, 2026

Bybit Reports Lowest BTC Spot Slippage Among Major Crypto Exchanges In Q1 2026, Driven By Rapid Price Improvement Mechanism

July 17, 2026

XRP hit $1.20 as Upbit flows hit their highest share since May 2024.

July 17, 2026

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

ETA CEO Expects More Partnerships with Bitcoin Startups in the Future

July 19, 2026

FTX plans to pay $900 million to creditors when the fifth distribution begins on July 31.

July 18, 2026

KuCoin unveils Celestia Stage as Tomorrowland Belgium 2026 partnership expands

July 18, 2026
Most Popular

BlackRock acquired $589 million in Bitcoin and Ethereum in just three days.

November 29, 2025

DOJ arrests early Bitcoin investor ‘Bitcoin Jesus’ Roger Ver on tax fraud charges

May 1, 2024

No Deposit Betting Benefits: A Comprehensive Overview

March 11, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2026 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.