{"id":867,"date":"2024-07-09T15:57:31","date_gmt":"2024-07-09T13:57:31","guid":{"rendered":"https:\/\/ackee.xyz\/blog\/?p=867"},"modified":"2024-07-10T12:39:22","modified_gmt":"2024-07-10T10:39:22","slug":"catalysts-incentivized-message-escrow-revision-2-0-agudit-summary","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/catalysts-incentivized-message-escrow-revision-2-0-agudit-summary\/","title":{"rendered":"Catalyst\u2019s Incentivized Message Escrow Revision 2.0 Audit Summary"},"content":{"rendered":"

Catalyst<\/a> enables direct atomic swaps between different blockchains, such as Ethereum, Cosmos, and rollups like Optimism and Eclipse \u2014 eliminating the need for bridged assets.<\/span><\/p>\n

Catalyst\u2019s Incentivized Message Escrow protocol serves as an abstraction layer between Arbitrary Message Bridges and the applications that use them. It allows applications to send messages across chains in a trustless manner. The protocol is designed to be chain-agnostic, meaning that it can be used with any blockchain compatible with EVM.<\/span><\/p>\n

Catalyst engaged Ackee Blockchain to perform a security review of the changes to the Generalised Incentives protocol. The smart contracts had previously been audited with a total time donation of 10 engineering days in a period between April 15 and April 26, 2024. The previous Catalyst audit summary covers Revisions 1.0 and 1.1. This audit summary focuses on the methodology, findings, and recommendations of Revision 2.0 and 2.1.<\/span><\/p>\n

METHODOLOGY<\/span><\/h2>\n

We began our review by using static analysis tools, namely Wake. We then took a deep dive into the logic of the contracts and used Wake testing framework for cross-chain testing.<\/span><\/p>\n

While the total scope included several minor changes in several contracts, the main goal of the review was to verify the correctness of integrating the Incentivized Message Escrow protocol with the LayerZero AMB.<\/span><\/p>\n

SCOPE<\/span><\/h2>\n

Revision 2.0<\/b>
\n<\/span>The audit was performed on the commit bb8c4d9 and the scope included all the changes from <\/span>PR#52<\/span><\/a> up to the commit bb8c4d9\u00a0\u00a0<\/span><\/p>\n

 <\/p>\n

Revision 2.1<\/b>
\n<\/span>The review was done on multiple commits from several pull requests:<\/span><\/p>\n