Category: Coding Mistakes

Incorrect negative checks

Low Severity
Low Impact
Low Likelihood

Description

In btc-staking-ts, there are multiple functions that claim to validate whether values are negative but do so incorrectly.

For example, in the StakingScripts class:

// check that maximum value for staking time is not greater than uint16 and above 0
if (this.stakingTimeLock == 0 || this.stakingTimeLock > 65535) {
    return false;
}

// check that maximum value for unbonding time is not greater than uint16 and above 0
if (this.unbondingTimeLock == 0 || this.unbondingTimeLock > 65535) {
    return false;
}

In addition, the ObservableStaking class does not validate whether the btcActivationHeight field is a negative number.

Impact

A user or dApp would not be prevented from accidentally supplying a negative number for these fields, which could lead to unintended behavior.

In the case of StakingScripts, this value would be compiled into the Bitcoin script and passed to the OP_CHECKSEQUENCEVERIFY opcode, which could lead to errors upon execution.

Recommendations

Fix the checks to prevent negative values.
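
The quoted check beside one possible hardened form, as an added example (this is not code from btc-staking-ts or from the fix commit). The function names, the sample inputs and the choice to accept 0 as a block height are assumptions made for illustration.

```typescript
// Added example: names below are hypothetical, not taken from btc-staking-ts.
const UINT16_MAX = 65535;

// The check as quoted in the finding: rejects 0 and values above uint16,
// but any negative number (and NaN or a fraction) falls through as "valid".
function originalTimeLockCheck(timeLock: number): boolean {
  if (timeLock == 0 || timeLock > UINT16_MAX) {
    return false;
  }
  return true;
}

// Hardened form: the value must be an integer in the range 1..65535.
// Number.isInteger also rejects NaN, Infinity and fractional values.
function isValidTimeLock(timeLock: number): boolean {
  return Number.isInteger(timeLock) && timeLock > 0 && timeLock <= UINT16_MAX;
}

// Same idea for a block height such as btcActivationHeight.
// Assumption: any non-negative safe integer is acceptable; whether 0
// should be allowed is a project decision.
function isValidBlockHeight(height: number): boolean {
  return Number.isSafeInteger(height) && height >= 0;
}

// Constructed sample inputs covering both boundaries and malformed values.
const samples: number[] = [-1, -65536, 0, 1, 144, 65535, 65536, 1.5, NaN];

// Run both checks over the same inputs so the differences are visible.
function compareChecks(
  values: number[],
): { value: number; original: boolean; hardened: boolean }[] {
  return values.map((value) => ({
    value,
    original: originalTimeLockCheck(value),
    hardened: isValidTimeLock(value),
  }));
}

for (const row of compareChecks(samples)) {
  console.log(`${row.value}\toriginal=${row.original}\thardened=${row.hardened}`);
}
```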

Remediation

This issue has been acknowledged by Babylon Labs, and a fix was implemented in commit 924d3d12.

Zellic © 2025