Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Babylon Genesis Chain>Design>Vigilante reporter
GeneralOverview
Findings
Critical (10)
High (4)
Medium (4)
Low (7)
Informational (7)
DiscussionBabylon node module-wise reviewed parametersDependency management and vulnerability assessmentPanic handling in ABCI++ handlersBehavior of MissedBlocksCounter on consecutive windows
DesignModule: btclightclientModule: btccheckpointModule: checkpointingModule: epochingModule: finalityModule: incentiveModule: monitorModule: mintModule: btcstakingbtc-stakerstaking-expiry-checkerbtc-staking-tsVigilante reporterVigilante submitterVigilante monitor (BTC timestamping monitor)Vigilante BTC staking trackerCryptographyFinality providerCovenant emulatorModule: staking-queue-clientstaking-api-servicebabylon-staking-indexersimple-staking
Audit ResultsAssessment Results
AddendumAddendumNonce reuse in adaptor signatures allows recovering signing key testsKey recovery succeeding on output from a btc-delegations query test

Vigilante reporter

Description

This package implements the vigilante reporter. The vigilante reporter is responsible for

  • syncing the latest BTC blocks with a BTC node

  • extracting headers and checkpoints from BTC blocks

  • forwarding headers and checkpoints to a Babylon node

  • detecting and reporting inconsistency between BTC blockchain and the Babylon btclightclient header chain

  • detecting and reporting stalling attacks where a checkpoint is w-deep on BTC but Babylon has not included its k-deep proof

Invariants

For reference, here are some examples:

  • Cannot miss blocks, that is to say it cannot receive a block N and then block N+2, missing block N+1

  • Ensures that blocks reported on the BTC chain at height X are the same on BBN — this is done by ensuring the chain of blocks is correct (verifiying their hashes)

  • Ensure that new BTC updates are correctly submitted and retrying until they are submitted to the BBN chain

  • Correctly accounts for the node going down

Test coverage

Cases covered

  • Fuzzing various blocks with different amount TXs and a fuzzy amount of data

  • E2E test — vigilante able to handle frequent BTC headers (very fast block mining)

  • E2E test — reorg/rollback tests (three-block--long chain with fork at block two)

  • E2E test — reorg after a restart of the vigilante

Cases not covered

  • E2E test — multiple reorgs/multiple reboot cycles (fuzzing)

  • Fuzzing and E2E tests combined for more coverage

Attack surface

There is no direct attack surface, apart from a BTC miner that reveals forks with certain characteristics to cause issues in the parsing of the vigilante, which could cause it to crash, or potential edge cases that could cause issues in message formation such that the Babylon chain would not accept these messages.

Zellic © 2025Back to top ↑