Catalyst enables direct atomic swaps between different blockchains, such as Ethereum, Cosmos, and rollups like Optimism and Eclipse — eliminating the need for bridged assets.

Catalyst’s Incentivized Message Escrow protocol serves as an abstraction layer between Arbitrary Message Bridges and the applications that use them. It allows applications to send messages across chains in a trustless manner. The protocol is designed to be chain-agnostic, meaning that it can be used with any blockchain compatible with EVM.

Revision 1.0

Catalyst engaged Ackee Blockchain to perform a security review of the Generalised Incentives protocol with a total time donation of 10 engineering days in a period between April 15 and April 26, 2024, with Andrey Babushkin as the lead auditor.

Revision 1.1

After discussing the issue with the ‘MessageDelivered’ event it reclassified from a warning to a medium severity issue since the insufficient information in the logs could cause a Denial of Service for a specific message.

METHODOLOGY

Revision 1.0

We began our review using static analysis tools, including Wake. We then took a deep dive into the logic of the contracts. For testing and fuzzing, we have involved the Wake testing framework. To test the arithmetics of fee calculation when a time delta is set, we performed a fuzz test using Wake (Appendix C). This fuzz test helped to identify the floating timestamps issue (L2).

 

During the review, we paid special attention to:

  • ensuring message payloads are correctly transmitted and validated,
  • ensuring the arithmetic of the system is correct,
  • enumerating all entry points to the contract and their possible abuse scenarios,
  • validating the integration with the Wormhole and IBC protocols,
  • looking for common issues such as data validation.

 

Revision 1.1

In revision 1.1, we manually reviewed the changes made to the contracts and the fixes of the issues found in the previous review.

SCOPE

Revision 1.0: The audit was initially performed on the commit e410087.

Revision 1.1: Each issue was reviewed on individual commits (see complete audit report).

FINDINGS

Here we present our findings.

Critical severity

C1: Fake escrow can craft ACK packets with any messageIdentifier and withdraw all bounties 

Medium severity

M1: Fee recipient addresses are not validated against the zero address

M2: Insufficient validation of a disabled route may lead to the locked Ether

M3: MessageDelivered event is used for both successful and failed calls

Low severity

L1: Large messages may not be delivered due to different block gas limits on different chains

L2: Unfair fee distribution due to floating block.timestamp

L3: Usage of send and transfer can make the escrow unusable for smart- contract relayers

 

Warning severity

W1: Usage of solc optimizer Warning 1.0 Acknowledged

W2: block.timestamp can be different on different chains

W3: Too small or too large time deltas make the fee distribution unfair

W4: Setting insufficient gas for a call will lead to undelivered messages and locked assets

W5: From applications are not validated for being a smart contract

W6: Paying the maximum gas fee for timeouts may incentivize relayers not to deliver messages

W7: True and logged to the event gas spent values are different

W8: Relayers are not protected against a malicious escrow on the destination chain

W9: A compiler bug may create dirty storage bytes

 

Information severity

I1: Unused declarations Info 1.0 Acknowledged

I2: Improve protocol documentation

I3: Use maximum line length Info 1.0 Acknowledged

 

CONCLUSION

Our review resulted in 19 findings, ranging from Critical to Information severity. 

 

All of the serious issues found were properly addressed by the Catalyst team. The main focus was on the changes made to the contracts and the fixes of the issues found in the previous review. The review was performed by Andrey Babushkin. See Revision 1.1 for the review of the updated codebase and additional information we consider essential for the current scope. Out of the 19 findings, 8 were fixed, and others were acknowledged.

 

Recommendations

Ackee Blockchain recommends Catalyst:

  • pay special attention to data validation in the payload and input parameters, 
  • address the issue of non-deliverable messages and locked tokens,
  • consider using the latest version of the Solidity compiler,
  • address all other reported issues.

 

Ackee Blockchain’s full Catalyst audit report with a more detailed description of all findings and recommendations can be found here.

 

We were delighted to audit Catalyst and look forward to working with them again.

 

Final Note

In the given time donation and after all reported issues were fixed, the auditing team doesn’t see any issue that would lead to a loss of funds or any other catastrophic consequences. The confidence of the auditing team is based on a manual review and a fuzz testing model.