Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
Home»HACKING NEWS»Catalyst: Generalized Incentive Audit Summary
HACKING NEWS

Catalyst: Generalized Incentive Audit Summary

By Crypto FlexsJune 6, 20244 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Catalyst: Generalized Incentive Audit Summary
Share
Facebook Twitter LinkedIn Pinterest Email

catalyst It enables direct atomic exchanges between different blockchains such as Ethereum, Cosmos and rollups such as Optimism and Eclipse, eliminating the need for bridge assets.

Catalyst’s Incentive Message Escrow Protocol serves as an abstraction layer between arbitrary message bridges and the applications that use them. This allows applications to send messages across the chain in a trustless manner. This protocol is designed to be chain-agnostic. This means that it can be used on any blockchain that is compatible with EVM.

Revision 1.0

Catalyst hired Ackee Blockchain to conduct a security review of the Generalized Incentives protocol, donating a total of 10 days of engineering time from April 15 to April 26, 2024, with Andrey Babushkin as lead auditor.

Revision 1.1

After discussing the issue with the ‘MessageDelivered’ event, it has been reclassified from a warning to a medium severity issue because insufficient information in the logs could lead to a denial of service for certain messages.

Revision 1.0

We began our review using static analysis tools, including: wake up. We then took a closer look at the logic of the contract. For testing and fuzzing we use wake up Test framework. To test the fee calculation arithmetic when the time delta is set, we performed a fuzz test using Wake (Appendix C). This fuzz test helped us identify the floating timestamp issue (L2).

During the review process, we paid special attention to the following:

  • Verifies that the message payload is sent and validated correctly.
  • Verify that the system’s calculations are correct,
  • List all entry points into the contract and possible abuse scenarios;
  • Verifies integration with Wormhole and IBC protocols,
  • I’m looking for common problems like data validation.

Revision 1.1

Revision 1.1 involved a manual review of contract changes and corrections to issues discovered in previous reviews.

Revision 1.0: Audit was initially performed on commit e410087.

Revision 1.1: Each issue has been reviewed for individual commits (see full audit report).

We present our findings here.

critical severity

C1: Fake Escrow can craft an ACK packet with messageIdentifier and withdraw all bounties.

medium severity

M1: Fee recipient address is not verified against 0 address.

M2: Insufficient validation of disabled paths may result in Ether being locked.

M3: The MessageDelivered event is used for both successful and failed calls.

low severity

L1: Because the block gas limit is different for each chain, large messages may not be delivered.

L2: Unfair fee distribution due to floating blocks. Timestamp

Using L3: Transfer and Transmit may render escrow unavailable to smart contract intermediaries.

warning severity

W1: solc optimizer usage warning 1.0 confirmed

W2: block.timestamp may vary from chain to chain.

W3: If the time difference is too small or too large, the fee distribution becomes unfair.

W4: If you under-gas your call, your messages may not be delivered and your assets may be locked.

W5: The application has not been verified as a smart contract.

W6: Paying a maximum gas fee for timeouts can incentivize relayers not to forward messages.

W7: Gas consumption values ​​recorded in True and Event are different.

W8: Relayers are not protected from malicious escrows on the target chain.

W9: Compiler bug may result in dirty storage bytes

Information Severity

I1: Unused declaration information 1.0 checked

I2: Improved protocol documentation

I3: Maximum line length usage information 1.0 confirmed

Our review resulted in 19 findings ranging from Severe to Informational severity.

Any serious issues discovered were addressed appropriately by the Catalyst team. The main focus was on contract changes and corrections to issues discovered in previous reviews. The review was conducted by Andrey Babushkin. Please refer to revision 1.1 for a review of the updated codebase and any additional information deemed essential to the current scope. Of the 19 results, 8 were revised and the rest were accepted.

Recommendation

Ackee Blockchain recommends Catalyst.

  • Pay special attention to data validation of payloads and input parameters.
  • Addresses issues with undeliverable messages and locked tokens.
  • Consider using the latest version of the Solidity compiler.
  • Addresses all other reported issues.

You can find Ackee Blockchain’s full Catalyst audit report, which includes a more detailed description of all findings and recommendations. here.

We were delighted to thank Catalyst and look forward to working with them again.

final note

After donations were made over a given period of time and all reported issues were corrected, the audit team found no issues that could have resulted in loss of funds or other catastrophic results. The audit team’s confidence is based on manual reviews and fuzzy testing models.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Safe smart account audit summary

June 27, 2025

Encryption Inheritance Update: June 2025

June 25, 2025

HyperLend Protocol Thanksgiving Summary -Ackee Blockchain

June 21, 2025
Add A Comment

Comments are closed.

Recent Posts

Checkpoint #4: Berlinterop | Ether Leeum Foundation Blog

June 28, 2025

TRON Price Propects USDT supply exceeded $ 80 billion

June 28, 2025

Stablecoin startups surpass 2021 venture capital peaks as institutional money spills.

June 28, 2025

No Altcoin Season 2025 ? Why Bitcoin Dominance Is Holding Strong In The Crypto Market

June 28, 2025

Why It Matters For Every Crypto Investor

June 27, 2025

Why It Matters For Every Crypto Investor

June 27, 2025

Safe smart account audit summary

June 27, 2025

CARV’s New Roadmap Signals Next Wave Of Web3 AI

June 27, 2025

CARV’s New Roadmap Signals Next Wave Of Web3 AI

June 27, 2025

Bybit Expands Global Reach With Credit Card Crypto Purchases In 25+ Currencies And Cashback Rewards

June 27, 2025

BYDFi Joins Seoul Meta Week 2025, Advancing Web3 Vision And South Korea Strategy

June 27, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Checkpoint #4: Berlinterop | Ether Leeum Foundation Blog

June 28, 2025

TRON Price Propects USDT supply exceeded $ 80 billion

June 28, 2025

Stablecoin startups surpass 2021 venture capital peaks as institutional money spills.

June 28, 2025
Most Popular

What Polygon Miden Brings to the Table as Testnet Launches

May 8, 2024

HKMA warns against fake news and scam projects

January 26, 2025

Base.fun simplifies the Memecoin launch process with one click and $1.

May 18, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.