Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»Catalyst: Generalized Incentive Audit Summary
HACKING NEWS

Catalyst: Generalized Incentive Audit Summary

By Crypto FlexsJune 6, 20244 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Catalyst: Generalized Incentive Audit Summary
Share
Facebook Twitter LinkedIn Pinterest Email

catalyst It enables direct atomic exchanges between different blockchains such as Ethereum, Cosmos and rollups such as Optimism and Eclipse, eliminating the need for bridge assets.

Catalyst’s Incentive Message Escrow Protocol serves as an abstraction layer between arbitrary message bridges and the applications that use them. This allows applications to send messages across the chain in a trustless manner. This protocol is designed to be chain-agnostic. This means that it can be used on any blockchain that is compatible with EVM.

Revision 1.0

Catalyst hired Ackee Blockchain to conduct a security review of the Generalized Incentives protocol, donating a total of 10 days of engineering time from April 15 to April 26, 2024, with Andrey Babushkin as lead auditor.

Revision 1.1

After discussing the issue with the ‘MessageDelivered’ event, it has been reclassified from a warning to a medium severity issue because insufficient information in the logs could lead to a denial of service for certain messages.

Revision 1.0

We began our review using static analysis tools, including: wake up. We then took a closer look at the logic of the contract. For testing and fuzzing we use wake up Test framework. To test the fee calculation arithmetic when the time delta is set, we performed a fuzz test using Wake (Appendix C). This fuzz test helped us identify the floating timestamp issue (L2).

During the review process, we paid special attention to the following:

  • Verifies that the message payload is sent and validated correctly.
  • Verify that the system’s calculations are correct,
  • List all entry points into the contract and possible abuse scenarios;
  • Verifies integration with Wormhole and IBC protocols,
  • I’m looking for common problems like data validation.

Revision 1.1

Revision 1.1 involved a manual review of contract changes and corrections to issues discovered in previous reviews.

Revision 1.0: Audit was initially performed on commit e410087.

Revision 1.1: Each issue has been reviewed for individual commits (see full audit report).

We present our findings here.

critical severity

C1: Fake Escrow can craft an ACK packet with messageIdentifier and withdraw all bounties.

medium severity

M1: Fee recipient address is not verified against 0 address.

M2: Insufficient validation of disabled paths may result in Ether being locked.

M3: The MessageDelivered event is used for both successful and failed calls.

low severity

L1: Because the block gas limit is different for each chain, large messages may not be delivered.

L2: Unfair fee distribution due to floating blocks. Timestamp

Using L3: Transfer and Transmit may render escrow unavailable to smart contract intermediaries.

warning severity

W1: solc optimizer usage warning 1.0 confirmed

W2: block.timestamp may vary from chain to chain.

W3: If the time difference is too small or too large, the fee distribution becomes unfair.

W4: If you under-gas your call, your messages may not be delivered and your assets may be locked.

W5: The application has not been verified as a smart contract.

W6: Paying a maximum gas fee for timeouts can incentivize relayers not to forward messages.

W7: Gas consumption values ​​recorded in True and Event are different.

W8: Relayers are not protected from malicious escrows on the target chain.

W9: Compiler bug may result in dirty storage bytes

Information Severity

I1: Unused declaration information 1.0 checked

I2: Improved protocol documentation

I3: Maximum line length usage information 1.0 confirmed

Our review resulted in 19 findings ranging from Severe to Informational severity.

Any serious issues discovered were addressed appropriately by the Catalyst team. The main focus was on contract changes and corrections to issues discovered in previous reviews. The review was conducted by Andrey Babushkin. Please refer to revision 1.1 for a review of the updated codebase and any additional information deemed essential to the current scope. Of the 19 results, 8 were revised and the rest were accepted.

Recommendation

Ackee Blockchain recommends Catalyst.

  • Pay special attention to data validation of payloads and input parameters.
  • Addresses issues with undeliverable messages and locked tokens.
  • Consider using the latest version of the Solidity compiler.
  • Addresses all other reported issues.

You can find Ackee Blockchain’s full Catalyst audit report, which includes a more detailed description of all findings and recommendations. here.

We were delighted to thank Catalyst and look forward to working with them again.

final note

After donations were made over a given period of time and all reported issues were corrected, the audit team found no issues that could have resulted in loss of funds or other catastrophic results. The audit team’s confidence is based on manual reviews and fuzzy testing models.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Manual guide: beginner guide

September 11, 2025

The August password hacking was $ 163 million as the risk of Exchange increased.

September 7, 2025

RLUSD Stablecoin is extended to Africa to supply power to the border between the border.

September 5, 2025
Add A Comment

Comments are closed.

Recent Posts

Top 5 Crypto PR Agencies to Scale Your Blockchain Project in Europe

September 13, 2025

The price of Etherrium surges beyond $ 4,500. -Main level for monitoring more profits

September 12, 2025

BNBCapital Emerges As Top Immutable DeFi Protocol With 239% Returns And Zero Admin Functions

September 12, 2025

MEXC Enhances Futures Trading With Multi-Asset Margin Mode Across 14 Tokens

September 12, 2025

Ethereum Based Meme Coin Pepeto Presale Past $6.6 Million As Exchange Demo Launches

September 12, 2025

BlockchainFX Raises $7.24M In Presale As First Multi-Asset Super App Connecting Crypto, Stocks, And Forex Goes Live In Beta

September 12, 2025

Phemex Launches Multi-Assets Mode To Enhance Trading Efficiency And Risk Management

September 12, 2025

Ethereum Meme Coin Little Pepe Crosses $25M, Announces 15 ETH Giveaway

September 12, 2025

DOLLUM Expands Wallet Opportunities, Introducing New Security Features Following The DOL Token Sale

September 12, 2025

Ethena (ENA) Eye 50% rally, whale activities, transactions and users surge

September 12, 2025

Bitmine ‘s ethereum Holdings 46,255 Eth Buy 2.1 million units

September 12, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Top 5 Crypto PR Agencies to Scale Your Blockchain Project in Europe

September 13, 2025

The price of Etherrium surges beyond $ 4,500. -Main level for monitoring more profits

September 12, 2025

BNBCapital Emerges As Top Immutable DeFi Protocol With 239% Returns And Zero Admin Functions

September 12, 2025
Most Popular

COTI launches the main net to trigger the new era of Web3 personal information.

March 27, 2025

BTC Price Plunges to $62,000 as Bitcoin Bulls Bet on M2 Money Supply

August 3, 2024

Solana beats Ethereum, Tron, and other L1s in this space.

February 16, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.