Catalyst enables direct atomic swaps between different blockchains, such as Ethereum, Cosmos, and rollups like Optimism and Eclipse — eliminating the need for bridged assets.

Catalyst’s Incentivized Message Escrow protocol serves as an abstraction layer between Arbitrary Message Bridges and the applications that use them. It allows applications to send messages across chains in a trustless manner. The protocol is designed to be chain-agnostic, meaning that it can be used with any blockchain compatible with EVM.

Revision 1.0

Catalyst engaged Ackee Blockchain to perform a security review of the Generalised Incentives protocol with a total time donation of 10 engineering days in a period between April 15 and April 26, 2024, with Andrey Babushkin as the lead auditor.

Revision 1.1

After discussing the issue with the ‘MessageDelivered’ event, it was reclassified from a warning to a medium severity issue, since the insufficient information in the logs could cause a Denial of Service for a specific message.


METHODOLOGY

Revision 1.0

We began our review using static analysis tools, including Wake. We then took a deep dive into the logic of the contracts. For testing and fuzzing, we used the Wake testing framework. To test the arithmetic of the fee calculation when a time delta is set, we performed a fuzz test using Wake (Appendix C). This fuzz test helped to identify the floating timestamps issue (L2).


During the review, we paid special attention to:

  • ensuring message payloads are correctly transmitted and validated,
  • ensuring the arithmetic of the system is correct,
  • enumerating all entry points to the contract and their possible abuse scenarios,
  • validating the integration with the Wormhole and IBC protocols,
  • looking for common issues such as data validation.


Revision 1.1

In revision 1.1, we manually reviewed the changes made to the contracts and the fixes of the issues found in the previous review.


SCOPE

Revision 1.0: The audit was initially performed on the commit e410087.

Revision 1.1: Each issue was reviewed on individual commits (see complete audit report).


FINDINGS

Here we present our findings.

Critical severity

C1: Fake escrow can craft ACK packets with any messageIdentifier and withdraw all bounties 

Medium severity

M1: Fee recipient addresses are not validated against the zero address

M2: Insufficient validation of a disabled route may lead to the locked Ether

M3: MessageDelivered event is used for both successful and failed calls

Low severity

L1: Large messages may not be delivered due to different block gas limits on different chains

L2: Unfair fee distribution due to floating block.timestamp

L3: Usage of send and transfer can make the escrow unusable for smart-contract relayers

Warning severity

W1: Usage of solc optimizer (reported in revision 1.0, acknowledged)

W2: block.timestamp can be different on different chains

W3: Too small or too large time deltas make the fee distribution unfair

W4: Setting insufficient gas for a call will lead to undelivered messages and locked assets

W5: From applications are not validated for being a smart contract

W6: Paying the maximum gas fee for timeouts may incentivize relayers not to deliver messages

W7: The actual gas spent differs from the gas spent value logged in the event

W8: Relayers are not protected against a malicious escrow on the destination chain

W9: A compiler bug may create dirty storage bytes


Information severity

I1: Unused declarations (reported in revision 1.0, acknowledged)

I2: Improve protocol documentation

I3: Use maximum line length (reported in revision 1.0, acknowledged)


CONCLUSION

Our review resulted in 19 findings, ranging from Critical to Information severity. 


All of the serious issues found were properly addressed by the Catalyst team. The main focus of the follow-up review was on the changes made to the contracts and the fixes of the issues found in the previous review. The review was performed by Andrey Babushkin. See Revision 1.1 for the review of the updated codebase and additional information we consider essential for the current scope. Out of the 19 findings, 8 were fixed, and the others were acknowledged.


Recommendations

Ackee Blockchain recommends Catalyst:

  • pay special attention to data validation in the payload and input parameters, 
  • address the issue of non-deliverable messages and locked tokens,
  • consider using the latest version of the Solidity compiler,
  • address all other reported issues.


Ackee Blockchain’s full Catalyst audit report with a more detailed description of all findings and recommendations can be found here.


We were delighted to audit Catalyst and look forward to working with them again.


Final Note

In the given time donation and after all reported issues were fixed, the auditing team doesn’t see any issue that would lead to a loss of funds or any other catastrophic consequences. The confidence of the auditing team is based on a manual review and a fuzz testing model.