{"id":743,"date":"2024-06-05T16:13:18","date_gmt":"2024-06-05T14:13:18","guid":{"rendered":"https:\/\/ackee.xyz\/blog\/?p=743"},"modified":"2024-06-20T11:55:50","modified_gmt":"2024-06-20T09:55:50","slug":"catalyst-generalised-incentives-audit-summary","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/catalyst-generalised-incentives-audit-summary\/","title":{"rendered":"Catalyst: Generalised Incentives audit summary"},"content":{"rendered":"<p><a href=\"https:\/\/catalyst.exchange\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Catalyst<\/span><\/a><span style=\"font-weight: 400;\"> enables direct atomic swaps between different blockchains, such as Ethereum, Cosmos, and rollups like Optimism and Eclipse \u2014 eliminating the need for bridged assets.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Catalyst\u2019s Incentivized Message Escrow protocol serves as an abstraction layer between Arbitrary Message Bridges and the applications that use them. It allows applications to send messages across chains in a trustless manner. 
The protocol is designed to be chain-agnostic, meaning that it can be used with any EVM-compatible blockchain.<\/span><\/p>\n<p><b>Revision 1.0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Catalyst engaged Ackee Blockchain to perform a security review of the Generalised Incentives protocol with a total time donation of 10 engineering days in the period between April 15 and April 26, 2024, with Andrey Babushkin as the lead auditor.<\/span><\/p>\n<p><b>Revision 1.1<\/b><\/p>\n<p><span style=\"font-weight: 400;\">After discussing the \u2018MessageDelivered\u2019 event issue (M3), it was reclassified from a warning to a medium-severity issue, since the insufficient information in the logs could cause a Denial of Service for a specific message.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">METHODOLOGY<\/span><\/h2>\n<p><b>Revision 1.0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">We began our review using static analysis tools, including <\/span><a href=\"https:\/\/getwake.io\/\"><span style=\"font-weight: 400;\">Wake<\/span><\/a><span style=\"font-weight: 400;\">. We then took a deep dive into the logic of the contracts. For testing and fuzzing, we used the <\/span><a href=\"https:\/\/getwake.io\/\"><span style=\"font-weight: 400;\">Wake<\/span><\/a><span style=\"font-weight: 400;\"> testing framework. To test the arithmetic of the fee calculation when a time delta is set, we performed a fuzz test using Wake (Appendix C). 
This fuzz test helped identify the floating block.timestamp issue (L2).<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">During the review, we paid special attention to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring message payloads are correctly transmitted and validated,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring the arithmetic of the system is correct,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">enumerating all entry points to the contract and their possible abuse scenarios,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">validating the integration with the Wormhole and IBC protocols,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">looking for common issues such as missing data validation.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><b>Revision 1.1<\/b><\/p>\n<p><span style=\"font-weight: 400;\">In revision 1.1, we manually reviewed the changes made to the contracts and the fixes of the issues found in the previous review.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">SCOPE<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Revision 1.0: The audit was initially performed on commit e410087.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Revision 1.1: Each issue was reviewed on individual commits (see the complete <a href=\"https:\/\/github.com\/Ackee-Blockchain\/public-audit-reports\/blob\/master\/2024\/ackee-blockchain-catalyst-generalised-incentives-report.pdf\" target=\"_blank\" rel=\"noopener\">audit report<\/a>).<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">FINDINGS<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Here we present our findings.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Critical severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">C1: Fake escrow can craft ACK packets with any messageIdentifier and withdraw all bounties<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Medium severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">M1: Fee recipient addresses are not validated against the zero address<\/span><\/p>\n<p><span style=\"font-weight: 400;\">M2: Insufficient validation of a disabled route may lead to locked Ether<\/span><\/p>\n<p><span style=\"font-weight: 400;\">M3: MessageDelivered event is used for both successful and failed calls<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Low severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">L1: Large messages may not be delivered due to different block gas limits on different chains<\/span><\/p>\n<p><span style=\"font-weight: 400;\">L2: Unfair fee distribution due to floating block.timestamp<\/span><\/p>\n<p><span style=\"font-weight: 400;\">L3: Usage of send and transfer can make the escrow unusable for smart-contract relayers<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Warning severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">W1: Usage of solc optimizer (acknowledged)<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W2: block.timestamp can be different on different chains<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W3: Too small or too large time deltas make the fee distribution unfair<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W4: Setting insufficient gas for a call will lead to undelivered messages and locked assets<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W5: From applications are not validated for being smart contracts<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W6: Paying the maximum gas fee for timeouts may incentivize relayers not to deliver messages<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W7: Actual gas spent differs from the gas-spent value logged in the event<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W8: Relayers are not protected against a malicious escrow on the destination chain<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W9: A compiler bug may create dirty storage bytes<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"font-weight: 400;\">Information severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">I1: Unused declarations (acknowledged)<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I2: Improve protocol documentation<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I3: Use maximum line length (acknowledged)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">CONCLUSION<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Our review resulted in 19 findings, ranging from Critical to Information severity.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">All of the serious issues found were properly addressed by the Catalyst team. Revision 1.1 focused on the changes made to the contracts and the fixes of the issues found in the previous review; it was performed by Andrey Babushkin. See Revision 1.1 for the review of the updated codebase and additional information we consider essential for the current scope. 
Out of the 19 findings, 8 were fixed and the others were acknowledged.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Recommendations<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Ackee Blockchain recommends Catalyst:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">pay special attention to data validation in the payload and input parameters,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">address the issue of non-deliverable messages and locked tokens,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">consider using the latest version of the Solidity compiler,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">address all other reported issues.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><b>Ackee Blockchain\u2019s full Catalyst audit report with a more detailed description of all findings and recommendations can be found <\/b><a href=\"https:\/\/github.com\/Ackee-Blockchain\/public-audit-reports\/blob\/master\/2024\/ackee-blockchain-catalyst-generalised-incentives-report.pdf\" target=\"_blank\" rel=\"noopener\"><b>here<\/b><\/a><b>.<\/b><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">We were delighted to audit Catalyst and look forward to working with them again.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Final Note<\/b><\/p>\n<p><span style=\"font-weight: 400;\">In the given time donation and after all reported issues were addressed, the auditing team doesn\u2019t see any issue that would lead to a loss of funds or any other catastrophic consequences. 
The confidence of the auditing team is based on a manual review and a fuzz testing model.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Catalyst enables direct atomic swaps between different blockchains, such as Ethereum, Cosmos, and rollups like Optimism and Eclipse \u2014 eliminating the need for bridged assets. Catalyst\u2019s Incentivized Message Escrow protocol serves as an abstraction layer between Arbitrary Message Bridges and the applications that use them. It allows applications to send messages across chains in a trustless manner. The protocol is designed to&hellip;<\/p>\n","protected":false},"author":22,"featured_media":744,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,10,103],"tags":[89,124,104],"class_list":["post-743","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-audits","category-ethereum","category-wake","tag-audit-summary","tag-catalyst","tag-wake"],"aioseo_notices":[],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/06\/Catalyst-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/06\/Catalyst-600x600.png","author_info":{"display_name":"Andrey 
Babushkin","author_link":"https:\/\/ackee.xyz\/blog\/author\/andrey-babushkin\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=743"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/743\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/744"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}