Category: Coding Mistakes

Invalid creation of unbonding TX leads to loss of gas

Medium Severity
Medium Impact
Medium Likelihood

Description

Disclaimer: The Babylon team had already fixed this issue approximately five hours prior to us reporting it.

In Babylon's staking dashboard, users are able to execute staking and unbonding transactions.

The unbonding transaction specifically must adhere to the following criteria:

  1. It contains exactly one input, which points to the staking transaction's taproot output.

  2. It contains exactly one output, which must be a taproot output committing to the BTC unbonding scripts recognized by Babylon.

It is important to note that the staking transaction can contain an arbitrary number of outputs, which means that the staking transaction's output index can be an arbitrary positive number.

The staking dashboard generates the unbonding transaction correctly: its one and only output is the taproot output at index zero.

After the unbonding timelock period has expired, if the user wishes to withdraw their BTC, a withdrawal transaction must be broadcast.

This withdrawal transaction has one input, which points to the taproot output of the unbonding transaction. In this case, the taproot output index will always be zero.

However, in the staking dashboard, the code actually passes in the staking transaction's output index to the withdrawEarlyUnbondedTransaction() function:

if (delegation?.unbondingTx) {
  // Withdraw funds from an unbonding transaction that was submitted for early unbonding and the unbonding period has passed
  withdrawPsbtTxResult = withdrawEarlyUnbondedTransaction(
    {
      unbondingTimelockScript,
      slashingScript,
    },
    Transaction.fromHex(delegation.unbondingTx.txHex),
    address,
    btcWalletNetwork,
    fees.fastestFee,
    delegation.stakingTx.outputIndex, // Incorrect index
  );
}

Impact

The impact of this is that users will be unable to unbond if their staking transaction's taproot output index was not set to zero.

We are not certain what the likelihood of this occurring is, but we assume a medium likelihood because the staking transaction's output index is not enforced or guaranteed to be 0.

Since users can still technically generate their own withdrawal transaction, we also assume a medium severity. It is important to note that typical users (i.e., the majority) will not have the technical capability to do this.

With a medium likelihood and medium severity, we determined a medium impact to the user as they are unable to withdraw their unbonded BTC.

Recommendations

Modify the call to withdrawEarlyUnbondedTransaction() in order to pass 0 as the output index.

Additionally, the call to withdrawTimelockUnbondedTransaction() must also be modified to pass in delegation.stakingTx.outputIndex. This code is in the same function.
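
The check below is an added example, not code from the staking dashboard or from Babylon. It shows one way to validate the output index against the transaction actually being spent before a withdrawal input is built. The helper names (resolveSpendIndex, pickWithdrawalInput, misappliedIndexError), the plain-object transaction shape, and all scripts and values are assumptions constructed for illustration.

```javascript
// Constructed sample data: minimal stand-ins for decoded transactions. Only
// outs[].script (scriptPubKey as hex) and outs[].value (sats) are modeled.
const SCRIPTS = {
  staking: "5120" + "aa".repeat(32),   // constructed staking taproot scriptPubKey
  unbonding: "5120" + "bb".repeat(32), // constructed unbonding taproot scriptPubKey
};
const stakingTx = {
  outs: [
    { script: "0014" + "11".repeat(20), value: 5000 }, // constructed change output
    { script: "6a04deadbeef", value: 0 },              // constructed data output
    { script: SCRIPTS.staking, value: 100000 },        // staking output at index 2
  ],
};
const unbondingTx = { outs: [{ script: SCRIPTS.unbonding, value: 99000 }] };

// Hypothetical helper: confirm that claimedIndex of tx really is the expected
// taproot output before a withdrawal input is built from it.
function resolveSpendIndex(tx, expectedScriptHex, claimedIndex) {
  const out = tx.outs[claimedIndex];
  if (!out) throw new Error(`output index ${claimedIndex} out of range (${tx.outs.length} outputs)`);
  if (out.script !== expectedScriptHex) {
    throw new Error(`output ${claimedIndex} does not commit to the expected script`);
  }
  return claimedIndex;
}

// Hypothetical helper mirroring the two withdrawal branches in the finding.
function pickWithdrawalInput(delegation, scripts) {
  if (delegation.unbondingTx) {
    const tx = delegation.unbondingTx.tx;
    // An unbonding transaction has exactly one output, so the index is always 0.
    if (tx.outs.length !== 1) throw new Error("unbonding tx must have exactly one output");
    return { spends: "unbonding", index: resolveSpendIndex(tx, scripts.unbonding, 0) };
  }
  // Timelock withdrawal spends the staking transaction, whose index can vary.
  const { tx, outputIndex } = delegation.stakingTx;
  return { spends: "staking", index: resolveSpendIndex(tx, scripts.staking, outputIndex) };
}

// Returns the error message produced when the staking index is applied to the
// unbonding transaction (the mismatch described in the finding), or null.
function misappliedIndexError() {
  try {
    resolveSpendIndex(unbondingTx, SCRIPTS.unbonding, 2);
    return null;
  } catch (e) {
    return e.message;
  }
}
```

With a check of this kind, a mismatched index is rejected when the withdrawal is constructed instead of producing a transaction that cannot be spent.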

Remediation

This issue has been acknowledged by Babylon, and a fix was implemented in commit 5bb21090.

Zellic © 2025