Category: Coding Mistakes

Arbitrary Deduction of Total Bond Satoshi from Expiring Delegation Handling

Severity: Critical
Impact: High
Likelihood: Low

Description

When a staking transaction is executed on the BTC network, the MsgCreateBTCDelegation message is processed with a proof, which runs the BTC delegation code with the following results:

  • The BTCDelegationStatus_EXPIRED event is scheduled to be emitted in a future block.

  • The BTCDelegationStatus_ACTIVED event is not emitted immediately and only activates later when a sufficient number of Covenant Signatures are received.

  • If an insufficient number of MsgAddCovenantSigs messages are executed, the quorum is never met, and BTCDelegationStatus_ACTIVED is never emitted.

When the scheduled block for BTCDelegationStatus_EXPIRED arrives, the following code is executed:

  1. processPowerDistUpdateEventUnbond

  2. MustProcessBtcDelegationUnbonded

  3. subDelegationSat

Since BTCDelegationStatus_ACTIVED was never emitted, no Delegated Satoshi was added for the affected Finality Provider (FP). However, the BTCDelegationStatus_EXPIRED event still causes the Delegated Satoshi to be deducted.

Impact

In rare cases, an attacker could censor or DDoS covenant members for an extended period, preventing the quorum from being reached. If the quorum is not met in time, the BTCDelegationStatus_ACTIVED event is never emitted, yet the BTCDelegationStatus_EXPIRED event still triggers a deduction of Delegated Satoshi for the affected Finality Provider. This could result in an arbitrary and unfair reduction of a specific FP’s Delegated Satoshi, even though no delegation was ever successfully activated.

Recommendations

Modify the expiration event handling logic to ensure that BTCDelegationStatus_EXPIRED does not trigger a deduction if BTCDelegationStatus_ACTIVED was never emitted.

Remediation

This issue has been acknowledged by Babylon Labs, and a fix was implemented in commit 1ebc3727.

This was remediated by ensuring that if a specific delegation has not received a quorum of Covenant signatures, the BTCDelegationStatus_EXPIRED event is not processed when it occurs.
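
The accounting flaw and the quorum guard can be seen in a small model. This is an added example, not Babylon's code or the code from commit 1ebc3727; the type names, the quorum size of 3, and the satoshi amounts are assumptions constructed for illustration.

```go
package main

import "fmt"

// Simplified model of the accounting in this finding. All names are
// hypothetical; this is not Babylon's code.
const quorum = 3 // assumed covenant quorum size

type Delegation struct {
	FP      string
	Sat     uint64
	CovSigs int // covenant signatures received so far
}

type Event struct {
	Del     *Delegation
	Expired bool // false: activation event, true: scheduled expiry event
}

// process applies events to per-FP bonded totals. guard=false reproduces the
// reported behaviour (expiry always deducts); guard=true skips the expiry of a
// delegation that never reached quorum, as the remediation describes.
func process(totals map[string]uint64, events []Event, guard bool) {
	for _, ev := range events {
		d := ev.Del
		switch {
		case !ev.Expired:
			totals[d.FP] += d.Sat
		case guard && d.CovSigs < quorum:
			// never activated: nothing was added, so nothing is subtracted
		case d.Sat > totals[d.FP]:
			totals[d.FP] = 0 // clamp instead of wrapping the uint64
		default:
			totals[d.FP] -= d.Sat
		}
	}
}

// scenario uses constructed sample data: one delegation activates, a second
// stalls at 1 of 3 signatures and only its scheduled expiry event fires.
func scenario(guard bool) uint64 {
	honest := &Delegation{FP: "fp1", Sat: 1000, CovSigs: 3}
	stalled := &Delegation{FP: "fp1", Sat: 400, CovSigs: 1}
	totals := map[string]uint64{}
	process(totals, []Event{{honest, false}, {stalled, true}}, guard)
	return totals["fp1"]
}

func main() { fmt.Println("unguarded:", scenario(false), "guarded:", scenario(true)) }
```

Without the guard, the FP's total drops by the amount of a delegation that never contributed to it; with the guard, the total is unchanged.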

Zellic © 2025