Crypto Flexs
Catalyst: Generalized Incentive Audit Summary

By Crypto Flexs, June 6, 2024 (4 min read)

Catalyst enables direct atomic exchanges between different blockchains, such as Ethereum and Cosmos, and rollups such as Optimism and Eclipse, eliminating the need for bridge assets.

Catalyst’s Incentive Message Escrow Protocol serves as an abstraction layer between arbitrary message bridges and the applications that use them. This allows applications to send messages across chains in a trustless manner. The protocol is designed to be chain-agnostic, meaning that it can be used on any blockchain that is compatible with the EVM.

Revision 1.0

Catalyst hired Ackee Blockchain to conduct a security review of the Generalized Incentives protocol, allocating a total of 10 days of engineering time from April 15 to April 26, 2024, with Andrey Babushkin as lead auditor.

Revision 1.1

After discussing the issue with the ‘MessageDelivered’ event, it has been reclassified from a warning to a medium severity issue because insufficient information in the logs could lead to a denial of service for certain messages.

Revision 1.0

We began our review using static analysis tools, including Wake. We then took a closer look at the logic of the contract. For testing and fuzzing we used the Wake testing framework. To test the fee calculation arithmetic when the time delta is set, we performed a fuzz test using Wake (Appendix C). This fuzz test helped us identify the floating timestamp issue (L2).

During the review process, we paid special attention to the following:

  • verifying that the message payload is sent and validated correctly,
  • verifying that the system’s calculations are correct,
  • listing all entry points into the contract and possible abuse scenarios,
  • verifying integration with the Wormhole and IBC protocols,
  • looking for common problems such as data validation.

Revision 1.1

Revision 1.1 involved a manual review of contract changes and corrections to issues discovered in previous reviews.

Revision 1.0: Audit was initially performed on commit e410087.

Revision 1.1: Each issue has been reviewed for individual commits (see full audit report).

We present our findings here.

Critical severity

C1: Fake Escrow can craft an ACK packet with messageIdentifier and withdraw all bounties.

Medium severity

M1: Fee recipient address is not verified against 0 address.

M2: Insufficient validation of disabled paths may result in Ether being locked.

M3: The MessageDelivered event is used for both successful and failed calls.

Low severity

L1: Because the block gas limit is different for each chain, large messages may not be delivered.

L2: Unfair fee distribution due to floating block.timestamp.

L3: Using transfer and send may render the escrow unavailable to smart contract intermediaries.

Warning severity

W1: Use of the solc optimizer (revision 1.0; confirmed)

W2: block.timestamp may vary from chain to chain.

W3: If the time difference is too small or too large, the fee distribution becomes unfair.

W4: If you under-gas your call, your messages may not be delivered and your assets may be locked.

W5: The application has not been verified as a smart contract.

W6: Paying a maximum gas fee for timeouts can incentivize relayers not to forward messages.

W7: The true gas consumption and the value recorded in the event are different.

W8: Relayers are not protected from malicious escrows on the target chain.

W9: Compiler bug may result in dirty storage bytes

Informational severity

I1: Unused declaration (revision 1.0; checked)

I2: Improved protocol documentation

I3: Maximum line length usage (revision 1.0; confirmed)

Our review resulted in 19 findings, ranging from Critical to Informational severity.

Any serious issues discovered were addressed appropriately by the Catalyst team. The main focus of revision 1.1 was on contract changes and corrections to issues discovered in the previous review. The review was conducted by Andrey Babushkin. Please refer to revision 1.1 for a review of the updated codebase and any additional information deemed essential to the current scope. Of the 19 findings, 8 were revised and the rest were accepted.

Recommendation

Ackee Blockchain recommends that Catalyst:

  • pay special attention to data validation of payloads and input parameters,
  • address the issues with undeliverable messages and locked tokens,
  • consider using the latest version of the Solidity compiler,
  • address all other reported issues.

You can find Ackee Blockchain’s full Catalyst audit report, which includes a more detailed description of all findings and recommendations, here.

We thank Catalyst and look forward to working with them again.

Final note

Within the allotted engineering time, and after all reported issues were corrected, the audit team found no issues that could have resulted in loss of funds or other catastrophic results. The audit team’s confidence is based on manual review and fuzz testing.
