diff --git a/data/submissions/babylon-protocol/all/chatgpt-2026-05-28.json b/data/submissions/babylon-protocol/all/chatgpt-2026-05-28.json
new file mode 100644
index 0000000000..5175a2fe86
--- /dev/null
+++ b/data/submissions/babylon-protocol/all/chatgpt-2026-05-28.json
@@ -0,0 +1,626 @@ +[ + { + "schema_version": 4, + "slug": "babylon-protocol", + "slice": "control", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-28", + "model": "gpt-5.5-thinking", + "chat_url": "https://chatgpt.com/share/6a18ce30-bee8-8333-adbf-e96d0feb3cfc", + "grading_basis": "off-chain-only", + "grade": "unknown", + "headline": "Control unknown: docs show BABY governance can change staking/light-client parameters and software, but live authorities, committee quorum, and delays were not re-read on-chain.", + "short_headline": "Control path unread", + "rationale": { + "findings": [ + { + "code": "C1", + "text": "No pinned address_book or EVM surfacer existed for this Bitcoin/Cosmos deployment. Off-chain docs identify BABY token holders, delegates, and validators as governance participants, but no live owner/admin/governor state was readable in this run." + }, + { + "code": "C2", + "text": "The fetched architecture is Cosmos SDK modules rather than EVM proxies. BTC Staking and BTC Light Client each expose MsgUpdateParams messages whose signer is the governance authority, but the live authority account and software-upgrade handler/admin path were not read from chain state." + }, + { + "code": "C3", + "text": "Official docs describe a standard governance path with up to 14 days deposit, 3 days voting and automatic execution for parameter changes/fund transfers, plus an expedited 1-day voting path, but these numeric constants were not re-read from live bbn-1 state." + }, + { + "code": "C4", + "text": "The covenant committee is an M-of-N Bitcoin-key multisig embedded in staking scripts, with public keys and threshold governed by Babylon Genesis parameters; current members, quorum, signer identities, and insider/non-insider status were not re-read." 
+ }, + { + "code": "C5", + "text": "The only governance constants obtained were documentation values for deposit, voting period, quorum, thresholds, veto and expedited threshold; no live Cosmos governance params were fetched." + }, + { + "code": "C6", + "text": "No separate emergency pause, guardian, or security-council path was verified from live state. The fetched docs/code do not give a current emergency actor list." + }, + { + "code": "C7", + "text": "The highest reachable tier could not be classified: governance appears able to update BTC staking params such as covenant keys/quorum, slashing rate, staking bounds, unbonding time, and light-client header-insertion allow-list, but the live execution path and delay were not read." + } + ], + "steelman": null, + "verdict": "Blocked because the run established only off-chain documentation/code evidence for governance and module authority. Without live bbn-1 governance params, covenant committee params, upgrade handler state, or any readable current admin path, the upgrade/control tier and uncontested fast-path delay cannot be determined reproducibly." 
+ }, + "evidence": [ + { + "url": "https://babylonlabs.io", + "shows": "Official website for Babylon Labs; links to Docs, GitHub, Forum, and Bug Bounty, and describes native self-custodial Bitcoin staking with no wrapping or pegging.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon", + "shows": "Public Babylon source repository; README describes Bitcoin timestamping and trustless self-custodial Bitcoin staking and links docs.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://immunefi.com/bug-bounty/babylon-labs/information/", + "shows": "Public Immunefi bounty page for Babylon Labs; maximum bounty $500,000, live since 16 September 2024, last updated 28 May 2026.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/security/policy", + "shows": "Security policy instructs researchers to privately report vulnerabilities to security@babylonlabs.io or GitHub Private Vulnerability Reporting.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://docs.babylonlabs.io/guides/overview/babylon_genesis/governance/", + "shows": "Official governance docs state Babylon Genesis uses Cosmos SDK governance; BABY holders and delegates propose, vote, and enact modifications. 
Docs list standard 50,000 BABY deposit, 14-day max deposit period, 3-day voting, expedited 1-day voting, 33.4% quorum, 50% approval threshold, 66.7% expedited threshold, and automatic implementation for approved parameter changes and fund transfers.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/x/btcstaking/README.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned BTC Staking module README: module maintains finality providers and BTC delegations, handles delegation creation, covenant signatures and unbonding; parameters include covenant public keys/quorum; MsgCreateBTCDelegation signer is staker_addr; MsgBTCUndelegate verifies the BTC delegator signature; MsgUpdateParams is executable only via governance.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/x/btclightclient/README.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned BTC Light Client README: Babylon maintains a Bitcoin header chain, validates inclusion proofs, restricts header insertion when insert_headers_allow_list is nonempty, applies Bitcoin-like PoW/difficulty/total-work rules, and updates light-client params only via governance.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/docs/staking-script.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned BTC staking script spec: staker is controller/beneficiary; covenant committee is M-of-N; co-signatures are prerequisites for activation; transaction types include Staking, Unbonding, Slashing, and Withdrawal; timelock, unbonding, slashing, and refund paths are defined.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": 
"https://docs.babylonlabs.io/developers/babylon_genesis_chain/node_information/", + "shows": "Official node docs list Babylon Genesis mainnet bbn-1 RPC, archive RPC, LCD, archive LCD, and gRPC endpoints; attempts to fetch live LCD parameter endpoints were blocked by the available fetch tool's URL allowlist.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://docs.babylonlabs.io/developers/babylon_genesis_chain/explorers/", + "shows": "Official explorer docs list MintScan and Xangle explorers for Babylon Genesis mainnet; MintScan was attempted but yielded no usable page body in this run.", + "fetched_at": "2026-05-28T23:05:40Z" + } + ], + "unknowns": [ + "C1-offchain: no owner/admin/governor read was possible because the pinned address_book was null and Babylon Genesis is not an EVM chain supported by the DeFiPunkd read API; LCD param reads from the documented bbn-1 endpoint were rejected by the fetch allowlist.", + "C2-offchain: current software-upgrade authority, upgrade handler schedule, and any module authority account were not re-read from live bbn-1 state.", + "C3-offchain: standard and expedited governance timing values came only from docs; live deposit/voting/timelock or scheduling constants were not read on-chain.", + "C4-offchain: current covenant committee public keys, quorum, signer identities, and whether any multisig-like operational actors have reachable control were not read.", + "C5-offchain: proposal threshold, voting period, quorum, veto threshold, expedited period, and expedited threshold were not read from live governance params.", + "C6-offchain: no live emergency pause/guardian/security council role was fetched.", + "C7-offchain: no live path was sufficient to classify the highest reachable power tier over BTC staking, finality, light-client, or incentive modules." 
+ ], + "protocol_metadata": { + "github": [ + "https://github.com/babylonlabs-io/babylon" + ], + "docs_url": "https://docs.babylonlabs.io", + "audits": [], + "governance_forum": "https://forum.babylon.foundation/", + "voting_token": null, + "bug_bounty_url": "https://immunefi.com/bug-bounty/babylon-labs/information/", + "security_contact": "security@babylonlabs.io", + "deployed_contracts_doc": null, + "admin_addresses": [], + "upgradeability": "unknown", + "about": "Babylon lets BTC holders stake native Bitcoin by locking UTXOs in Taproot-based staking scripts rather than wrapping or bridging BTC. The Babylon Genesis chain registers BTC delegations, tracks finality-provider voting power, and distributes BABY rewards. Slashing is enforced through pre-signed transactions, finality-provider EOTS keys, and covenant committee cosignatures." + } + }, + { + "schema_version": 4, + "slug": "babylon-protocol", + "slice": "ability-to-exit", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-28", + "model": "gpt-5.5-thinking", + "chat_url": "https://chatgpt.com/share/6a18ce30-bee8-8333-adbf-e96d0feb3cfc", + "grading_basis": "off-chain-only", + "grade": "green", + "headline": "Bitcoin principal exits are staker-controlled: timelock withdrawal and on-demand unbonding paths are Bitcoin transactions signed by the staker; live pause/parameter reads were unavailable.", + "short_headline": "Bitcoin-side exit", + "rationale": { + "findings": [ + { + "code": "E1", + "text": "User-facing exit functions/flows found: staking-output timelock withdrawal, on-demand unbonding transaction, unbonding-output timelock withdrawal, slashing-refund withdrawal, MsgBTCUndelegate for Babylon-side unbonding state, and MsgWithdrawReward for Babylon rewards." 
+ }, + { + "code": "E2", + "text": "Principal exit access is script-level: staking-output timelock path requires StakerPK plus OP_CHECKSEQUENCEVERIFY; on-demand unbonding requires StakerPK plus covenant threshold signatures; unbonding-output and slashing-refund withdrawals require the staker signature after the relevant timelock." + }, + { + "code": "E3", + "text": "The fetched staking script spec states covenant co-signatures are published before activation and that the covenant committee cannot act against stakers except by rejecting staking requests. No live pause role or PAUSE_INFINITELY equivalent was verified." + }, + { + "code": "E4", + "text": "No separate emergency-pause versus governance-pause path was found in the Bitcoin script exits; principal withdrawal after timelock is a Bitcoin transaction, not an interface-mediated action. A Babylon-side pause role was not re-read." + }, + { + "code": "E5", + "text": "Queued/early exit uses an on-demand unbonding period specified by Babylon parameters; the registration doc says the staker retrieves the pre-recorded unbonding transaction and covenant signatures, adds the staker signature, and broadcasts to Bitcoin. The current unbonding-time value was not re-read." + }, + { + "code": "E6", + "text": "Adversarial-admin escape path for BTC principal is the Bitcoin-side timelock withdrawal path: once the relevant staking, unbonding, or slashing-refund timelock expires, the withdrawal transaction is signed by the staker and submitted to Bitcoin." + }, + { + "code": "E7", + "text": "The Terms and registration docs both support non-frontend exit: the Interface is not needed to interact with the protocols, and withdrawals/reward claims can be made via Bitcoin transactions, RPC/LCD, CLI, or TypeScript." 
+ } + ], + "steelman": { + "red": "A red case would require evidence that a live admin/governance pause can block claims of already-finalized or timelock-unlocked BTC indefinitely, but the fetched Bitcoin scripts and Terms do not show such a path.", + "orange": "An orange case is that early unbonding and reward claims depend on Babylon parameters, covenant signatures, and Babylon-side reporting whose live values/roles were not re-read from chain state.", + "green": "The green case is strongest for BTC principal: staker-controlled Bitcoin scripts provide withdrawal after timelock, on-demand unbonding signatures are recorded before activation, finality-provider consent is explicitly not required for unbonding, and the official interface is not needed." + }, + "verdict": "Choosing green because the highest-confidence, fund-principal exit path is Bitcoin-side and staker-signed: after the staking or unbonding timelock, a withdrawal transaction can be constructed and submitted to Bitcoin, while on-demand unbonding relies on covenant signatures recorded at activation rather than future admin approval. The unresolved live Babylon parameters affect timing/early-exit state reporting and rewards, not the existence of a staker-controlled principal withdrawal path." 
+ }, + "evidence": [ + { + "url": "https://babylonlabs.io", + "shows": "Official website for Babylon Labs; links to Docs, GitHub, Forum, and Bug Bounty, and describes native self-custodial Bitcoin staking with no wrapping or pegging.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon", + "shows": "Public Babylon source repository; README describes Bitcoin timestamping and trustless self-custodial Bitcoin staking and links docs.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://immunefi.com/bug-bounty/babylon-labs/information/", + "shows": "Public Immunefi bounty page for Babylon Labs; maximum bounty $500,000, live since 16 September 2024, last updated 28 May 2026.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/security/policy", + "shows": "Security policy instructs researchers to privately report vulnerabilities to security@babylonlabs.io or GitHub Private Vulnerability Reporting.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://babylonlabs.io/terms-of-use", + "shows": "Terms state anyone with internet access and technical sophistication can interact directly with the Protocols; the Interface is not needed; source codes are available at GitHub; Babylon Labs says it does not operate or control the Protocols, validators, or finality providers; users sign staking, unbonding, and withdrawal instructions with private keys inaccessible to the Interface or Provider.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/docs/staking-script.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned BTC staking script spec: staker is controller/beneficiary; covenant committee is M-of-N; co-signatures are prerequisites for activation; transaction types include Staking, Unbonding, Slashing, and Withdrawal; timelock, 
unbonding, slashing, and refund paths are defined.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/docs/register-bitcoin-stake.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned stake registration doc: technical readers can construct and broadcast MsgCreateBTCDelegation via CLI, TypeScript, Golang, or Cosmos SDK; new phase-2 staking is accepted once the allow-list expires; on-demand unbonding uses covenant signatures recorded at activation; principal withdrawals are Bitcoin transactions signed by the staker; rewards can be withdrawn via RPC/LCD, CLI, or TypeScript.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/x/btcstaking/README.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned BTC Staking module README: module maintains finality providers and BTC delegations, handles delegation creation, covenant signatures and unbonding; parameters include covenant public keys/quorum; MsgCreateBTCDelegation signer is staker_addr; MsgBTCUndelegate verifies the BTC delegator signature; MsgUpdateParams is executable only via governance.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://docs.babylonlabs.io/developers/babylon_genesis_chain/node_information/", + "shows": "Official node docs list Babylon Genesis mainnet bbn-1 RPC, archive RPC, LCD, archive LCD, and gRPC endpoints; attempts to fetch live LCD parameter endpoints were blocked by the available fetch tool's URL allowlist.", + "fetched_at": "2026-05-28T23:05:40Z" + } + ], + "unknowns": [ + "E3-offchain: live Babylon pause/param role state was not read; no PAUSE_ROLE, GUARDIAN, or pause duration could be checked on-chain.", + "E4-offchain: no live emergency-vs-governance pause distinction could be queried from bbn-1.", + "E5-offchain: 
current unbonding_time_blocks/unbonding_time, withdrawal delays, and any active queue caps were not re-read from live params.", + "E7-offchain: direct write-tab style verification is not available for Bitcoin/Cosmos in the DeFiPunkd EVM read API; direct-callability is based on docs, Terms, and CLI/RPC paths." + ], + "protocol_metadata": { + "github": [ + "https://github.com/babylonlabs-io/babylon" + ], + "docs_url": "https://docs.babylonlabs.io", + "audits": [], + "governance_forum": "https://forum.babylon.foundation/", + "voting_token": null, + "bug_bounty_url": "https://immunefi.com/bug-bounty/babylon-labs/information/", + "security_contact": "security@babylonlabs.io", + "deployed_contracts_doc": null, + "admin_addresses": [], + "upgradeability": "unknown", + "about": "Babylon lets BTC holders stake native Bitcoin by locking UTXOs in Taproot-based staking scripts rather than wrapping or bridging BTC. The Babylon Genesis chain registers BTC delegations, tracks finality-provider voting power, and distributes BABY rewards. Slashing is enforced through pre-signed transactions, finality-provider EOTS keys, and covenant committee cosignatures." 
+ } + }, + { + "schema_version": 4, + "slug": "babylon-protocol", + "slice": "autonomy", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-28", + "model": "gpt-5.5-thinking", + "chat_url": "https://chatgpt.com/share/6a18ce30-bee8-8333-adbf-e96d0feb3cfc", + "grading_basis": "off-chain-only", + "grade": "unknown", + "headline": "Impacted TVS unclear: architecture depends on finality providers, covenant committee, BTC light-client header submission, and vigilantes, but live distribution/quorums/TVS share were not readable.", + "short_headline": "Dependencies unread", + "rationale": { + "findings": [ + { + "code": "A1", + "text": "External/core cross-module dependencies found from source docs: BTC Staking consumes BTC Light Client confirmation data; Finality consumes voting power from BTC Staking; BTC Light Client accepts MsgInsertHeaders and validates Bitcoin headers/inclusion proofs under Bitcoin-like PoW and total-work rules. No price oracle was found in fetched materials." + }, + { + "code": "A2", + "text": "Off-chain actor sets include finality providers, covenant committee members, and vigilante programs. The covenant committee provides M-of-N signatures for activation/unbonding/slashing paths; finality providers can trigger slashing if they double-sign; vigilantes report Bitcoin data and slashing/unbonding events." + }, + { + "code": "A3", + "text": "The core BTC staking docs and website describe native Bitcoin staking without wrapping or pegging. The fetched sources also mention IBC/Consumer Zone communication, but material TVS on any bridge or cross-chain extension was not verified." + }, + { + "code": "A4", + "text": "Collateral-chain depth is BTC UTXO locked in a Babylon-recognized staking script, delegated to a finality provider and registered on Babylon Genesis. 
Failure of a selected finality provider can propagate to principal via protocol slashing, with the slashed fraction governed by Babylon parameters." + }, + { + "code": "A6", + "text": "Mitigations documented in source include Bitcoin-like header validation in BTC Light Client, pre-activation covenant signatures, staking-script timelocks, and BTC Staking Monitor slashing/unbonding observation; live activation and current parameters were not queried." + }, + { + "code": "A7", + "text": "Babylon Genesis is its own Cosmos SDK chain with CometBFT and an extra finality round; no separate L2 sequencer dependency beyond its own validator/finality-provider stack was identified from fetched sources." + }, + { + "code": "A8", + "text": "Keeper/relayer liveness dependencies are material: the architecture states secure operation requires at least one honest vigilante operator, and the BTC Staking Monitor reports unbonding/slashing events and can execute slashing if non-execution occurs." + }, + { + "code": "A9", + "text": "Governance-mutable dependency surfaces exist in code/docs: BTC Staking params include covenant keys/quorum and BTC Light Client params include insert_headers_allow_list; both are changed through governance-only MsgUpdateParams, but the live governance delay/exit window was not re-read." + } + ], + "steelman": null, + "verdict": "Blocked because the core architecture and dependency classes are visible in source docs, but the current live covenant quorum, covenant member set, finality-provider distribution, header-insertion allow-list, vigilante liveness model, governance delay, and TVS weighting by module were not readable. Without those, impacted TVS under the worst unmitigated dependency cannot be bounded reproducibly." 
+ }, + "evidence": [ + { + "url": "https://babylonlabs.io", + "shows": "Official website for Babylon Labs; links to Docs, GitHub, Forum, and Bug Bounty, and describes native self-custodial Bitcoin staking with no wrapping or pegging.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon", + "shows": "Public Babylon source repository; README describes Bitcoin timestamping and trustless self-custodial Bitcoin staking and links docs.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://immunefi.com/bug-bounty/babylon-labs/information/", + "shows": "Public Immunefi bounty page for Babylon Labs; maximum bounty $500,000, live since 16 September 2024, last updated 28 May 2026.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/security/policy", + "shows": "Security policy instructs researchers to privately report vulnerabilities to security@babylonlabs.io or GitHub Private Vulnerability Reporting.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/docs/architecture.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned architecture doc: Babylon node modules include BTC Light Client, BTC Staking, Finality, Incentive, and vigilante programs; secure operation requires at least one honest vigilante operator; the BTC Staking Monitor reports unbonding and slashing and can extract finality-provider keys for slashing.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/x/btclightclient/README.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned BTC Light Client README: Babylon maintains a Bitcoin header chain, validates inclusion proofs, restricts header insertion when insert_headers_allow_list is nonempty, 
applies Bitcoin-like PoW/difficulty/total-work rules, and updates light-client params only via governance.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/x/btcstaking/README.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned BTC Staking module README: module maintains finality providers and BTC delegations, handles delegation creation, covenant signatures and unbonding; parameters include covenant public keys/quorum; MsgCreateBTCDelegation signer is staker_addr; MsgBTCUndelegate verifies the BTC delegator signature; MsgUpdateParams is executable only via governance.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/x/finality/README.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned Finality module README: finality providers participate in an extra finality round with voting power from BTC delegations; the module handles finality votes, finalization status, sluggish providers, and equivocation evidence.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/docs/staking-script.md", + "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f", + "shows": "Commit-pinned BTC staking script spec: staker is controller/beneficiary; covenant committee is M-of-N; co-signatures are prerequisites for activation; transaction types include Staking, Unbonding, Slashing, and Withdrawal; timelock, unbonding, slashing, and refund paths are defined.", + "fetched_at": "2026-05-28T23:05:40Z" + }, + { + "url": "https://docs.babylonlabs.io/developers/babylon_genesis_chain/node_information/", + "shows": "Official node docs list Babylon Genesis mainnet bbn-1 RPC, archive RPC, LCD, archive LCD, and gRPC endpoints; attempts to fetch live 
LCD parameter endpoints were blocked by the available fetch tool's URL allowlist.", + "fetched_at": "2026-05-28T23:05:40Z" + } + ], + "unknowns": [ + "A1-offchain: live external-contract/module state, BTC light-client current header state, and insert_headers_allow_list were not fetched from bbn-1.", + "A2-offchain: current covenant committee size/quorum/signers, finality-provider distribution, validator set, and vigilante operator set were not read.", + "A3-offchain: material TVS on Consumer Zones, IBC paths, vaults, or other Babylon-linked modules was not measured.", + "A4-offchain: current slashing_fraction/slashing_rate, burn address, and whether any stake is multi-delegated or BSN-specific were not read from live params.", + "A5: fork lineage was not provided in the pinned context and was not independently verified.", + "A6-offchain: fallback activation status for covenant signatures, watcher/monitor behavior, and light-client allow-list was not read live; source docs are corroboration only.", + "A7-offchain: live Babylon Genesis validator/finality-provider liveness and CometBFT/finality safety parameters were not fetched.", + "A8-offchain: whether vigilante submission/reporting/slashing roles are permissionless in current live configuration was not re-read.", + "A9-offchain: governance delay and exit window for changing covenant keys/quorum, slashing params, and BTC light-client insertion allow-list were not read live.", + "A9-offchain: impacted TVS for the worst unmitigated dependency is unclear because current BTC-staked amounts by module/finality-provider and materiality of non-core modules were not measured in this run." 
+ ], + "protocol_metadata": { + "github": [ + "https://github.com/babylonlabs-io/babylon" + ], + "docs_url": "https://docs.babylonlabs.io", + "audits": [], + "governance_forum": "https://forum.babylon.foundation/", + "voting_token": null, + "bug_bounty_url": "https://immunefi.com/bug-bounty/babylon-labs/information/", + "security_contact": "security@babylonlabs.io", + "deployed_contracts_doc": null, + "admin_addresses": [], + "upgradeability": "unknown", + "about": "Babylon lets BTC holders stake native Bitcoin by locking UTXOs in Taproot-based staking scripts rather than wrapping or bridging BTC. The Babylon Genesis chain registers BTC delegations, tracks finality-provider voting power, and distributes BABY rewards. Slashing is enforced through pre-signed transactions, finality-provider EOTS keys, and covenant committee cosignatures." + } + }, + { + "schema_version": 4, + "slug": "babylon-protocol", + "slice": "open-access", + "snapshot_generated_at": "2026-05-25T10:00:13.281Z", + "prompt_version": 29, + "analysis_date": "2026-05-28", + "model": "gpt-5.5-thinking", + "chat_url": "https://chatgpt.com/share/6a18ce30-bee8-8333-adbf-e96d0feb3cfc", + "grading_basis": "off-chain-only", + "grade": "unknown", + "headline": "Access unknown: direct non-frontend paths exist, but current BTC-staking allow-list and contract-level admission status could not be re-read.", + "short_headline": "Allow-list unread", + "rationale": { + "findings": [ + { + "code": "A1", + "text": "User entry point MsgCreateBTCDelegation is signed by staker_addr, but the fetched registration doc states new phase-2 staking registration is accepted once the allow-list expires, and the BTC Staking module README says create-delegation verification can require the staking tx to be in an allow-list if allow-listing is enabled." + }, + { + "code": "A2", + "text": "Admission/activation involves Babylon validators and the covenant committee validating the staking operation. 
Pre-staking is designed to get validation before locking funds; covenant signatures are required before activation, but current operator set and allow-list status were not read." + }, + { + "code": "A3", + "text": "Official Interface/Services impose passive Terms restrictions including age, technical-knowledge, sanctions/restricted-territory, Canada/Australia, and VPN/IP-hiding restrictions. These are publisher/service policies, not proven contract-level restrictions." + }, + { + "code": "A3b", + "text": "Independent access paths exist in the fetched sources: the Terms state the Interface is not needed and anyone with internet access and technical sophistication can interact directly with the Protocols; registration docs list CLI, TypeScript, Golang, Cosmos SDK/RPC/LCD methods." + }, + { + "code": "A4", + "text": "No on-chain sanctions/blocklist check was identified in fetched docs/code, but current live admission params were not queried." + }, + { + "code": "A5", + "text": "Read access is available through documented RPC/LCD/gRPC endpoints and module queries; write access for staking/rewards uses signed Cosmos messages and Bitcoin transactions, subject to any current allow-list or parameter checks not read live." + }, + { + "code": "A6", + "text": "ToS clause extracted verbatim in evidence: users are not eligible if they are in restricted/sanctioned territories, are Sanctions Lists Persons, transact with such persons/territories, are in Canada or Australia, or use VPN/IP-hiding methods." + } + ], + "steelman": null, + "verdict": "Blocked because the run found strong off-chain evidence of direct, non-frontend interaction paths, but it could not verify the current allow-list state or whether any contract-level/user-action admission gate remains active. Since A1 is the operative grade input and the live allow-list status was not read, the admission grade is unknown rather than green." 
+ },
+ "evidence": [
+ {
+ "url": "https://babylonlabs.io",
+ "shows": "Official website for Babylon Labs; links to Docs, GitHub, Forum, and Bug Bounty, and describes native self-custodial Bitcoin staking with no wrapping or pegging.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/babylon",
+ "shows": "Public Babylon source repository; README describes Bitcoin timestamping and trustless self-custodial Bitcoin staking and links docs.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://immunefi.com/bug-bounty/babylon-labs/information/",
+ "shows": "Public Immunefi bounty page for Babylon Labs; maximum bounty $500,000, live since 16 September 2024, last updated 28 May 2026.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/babylon/security/policy",
+ "shows": "Security policy instructs researchers to privately report vulnerabilities to security@babylonlabs.io or GitHub Private Vulnerability Reporting.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://babylonlabs.io/terms-of-use",
+ "shows": "Terms state anyone with internet access and technical sophistication can interact directly with the Protocols; the Interface is not needed; source codes are available at GitHub; Babylon Labs says it does not operate or control the Protocols, validators, or finality providers; users sign staking, unbonding, and withdrawal instructions with private keys inaccessible to the Interface or Provider.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://babylonlabs.io/terms-of-use",
+ "shows": "Terms eligibility clause states users are ineligible if they are under 18, lack technical knowledge, are in restricted/sanctioned territories, are Sanctions Lists Persons, transact with such persons or territories, are in Canada or Australia, or use a VPN or similar tool to hide IP address.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": 
"https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/docs/register-bitcoin-stake.md",
+ "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f",
+ "shows": "Commit-pinned stake registration doc: technical readers can construct and broadcast MsgCreateBTCDelegation via CLI, TypeScript, Golang, or Cosmos SDK; new phase-2 staking is accepted once the allow-list expires; on-demand unbonding uses covenant signatures recorded at activation; principal withdrawals are Bitcoin transactions signed by the staker; rewards can be withdrawn via RPC/LCD, CLI, or TypeScript.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/babylon/blob/16e00c88d9cfd2e9f92bb786c474f6e79628a49f/x/btcstaking/README.md",
+ "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f",
+ "shows": "Commit-pinned BTC Staking module README: module maintains finality providers and BTC delegations, handles delegation creation, covenant signatures and unbonding; parameters include covenant public keys/quorum; MsgCreateBTCDelegation signer is staker_addr; MsgBTCUndelegate verifies the BTC delegator signature; MsgUpdateParams is executable only via governance.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://docs.babylonlabs.io/developers/babylon_genesis_chain/node_information/",
+ "shows": "Official node docs list Babylon Genesis mainnet bbn-1 RPC, archive RPC, LCD, archive LCD, and gRPC endpoints; attempts to fetch live LCD parameter endpoints were blocked by the available fetch tool's URL allowlist.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ }
+ ],
+ "unknowns": [
+ "A1-offchain: current BTC staking allow-list expiration/status and whether MsgCreateBTCDelegation is presently gated were not read from live bbn-1 params.",
+ "A2-offchain: current covenant committee activation process, replacement procedure, and whether any operator can deny admission beyond rejecting pre-lock staking requests were not verified live.",
+ 
"A4-offchain: no live contract-level sanctions/blocklist or address-screening state could be queried.",
+ "A5-offchain: live write-admission params for staking, unbonding, reward claims, and header submission were not read from RPC/LCD because the available fetch path could not open the documented LCD endpoints."
+ ],
+ "protocol_metadata": {
+ "github": [
+ "https://github.com/babylonlabs-io/babylon"
+ ],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": null,
+ "bug_bounty_url": "https://immunefi.com/bug-bounty/babylon-labs/information/",
+ "security_contact": "security@babylonlabs.io",
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "unknown",
+ "about": "Babylon lets BTC holders stake native Bitcoin by locking UTXOs in Taproot-based staking scripts rather than wrapping or bridging BTC. The Babylon Genesis chain registers BTC delegations, tracks finality-provider voting power, and distributes BABY rewards. Slashing is enforced through pre-signed transactions, finality-provider EOTS keys, and covenant committee cosignatures."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "verifiability",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "gpt-5.5-thinking",
+ "chat_url": "https://chatgpt.com/share/6a18ce30-bee8-8333-adbf-e96d0feb3cfc",
+ "grading_basis": "off-chain-only",
+ "grade": "unknown",
+ "headline": "Verifiability unknown: public repo, signed release, audits and bounty exist, but no live mainnet binary/source-to-deployment or audit drift check was obtained.",
+ "short_headline": "Live binary unverified",
+ "rationale": {
+ "findings": [
+ {
+ "code": "V1",
+ "text": "This is not an EVM bytecode/proxy deployment for the available DeFiPunkd ABI endpoint. 
Official docs list bbn-1, MintScan and Xangle, but no explorer page body or live binary/protocol version proof was obtained."
+ },
+ {
+ "code": "V2",
+ "text": "A public source repository exists and release v4.3.0 is a signed GitHub release at verified commit 16e00c8 with SHA256-listed binaries, but no source-to-live-mainnet binary correspondence was established."
+ },
+ {
+ "code": "V3",
+ "text": "Official audit docs list initial Genesis audits and v2/v4 upgrade audits, including Zellic and Halborn, but parsed docs did not expose dates, exact commit scope, or deployed-version mapping."
+ },
+ {
+ "code": "V4",
+ "text": "Some listed auditors are recognized by the rubric list, including Zellic and Halborn; other listed firms/venues were not classified here as sufficient for a green claim without scope/date details."
+ },
+ {
+ "code": "V5",
+ "text": "Post-audit drift was not resolved. The latest fetched release/commit is v4.3.0 from 2026-05-05 and contains security/advisory fixes and an upgrade handler, but no audit-to-current diff or live deployed version proof was fetched."
+ },
+ {
+ "code": "V6",
+ "text": "EVM proxy/implementation verification is not applicable; the equivalent unresolved check is whether current bbn-1 validators run code corresponding to the public verified release/commit."
+ }
+ ],
+ "steelman": null,
+ "verdict": "Blocked because the repository, release, and audit posture are visible off-chain, but the run did not obtain a live, reproducible mapping from Babylon Genesis mainnet state or explorer data to the exact source commit/binary and audit scope. That prevents a green/orange/red verifiability grade under the requested deployed-code standard."
+ },
+ "evidence": [
+ {
+ "url": "https://babylonlabs.io",
+ "shows": "Official website for Babylon Labs; links to Docs, GitHub, Forum, and Bug Bounty, and describes native self-custodial Bitcoin staking with no wrapping or pegging.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/babylon",
+ "shows": "Public Babylon source repository; README describes Bitcoin timestamping and trustless self-custodial Bitcoin staking and links docs.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://immunefi.com/bug-bounty/babylon-labs/information/",
+ "shows": "Public Immunefi bounty page for Babylon Labs; maximum bounty $500,000, live since 16 September 2024, last updated 28 May 2026.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/babylon/security/policy",
+ "shows": "Security policy instructs researchers to privately report vulnerabilities to security@babylonlabs.io or GitHub Private Vulnerability Reporting.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://docs.babylonlabs.io/developers/babylon_genesis_chain/chain_information/",
+ "shows": "Official chain info identifies Babylon Genesis Mainnet chain ID bbn-1, binary babylond, and genesis date 2025-03-15.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://docs.babylonlabs.io/developers/babylon_genesis_chain/node_information/",
+ "shows": "Official node docs list Babylon Genesis mainnet bbn-1 RPC, archive RPC, LCD, archive LCD, and gRPC endpoints; attempts to fetch live LCD parameter endpoints were blocked by the available fetch tool's URL allowlist.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://docs.babylonlabs.io/developers/babylon_genesis_chain/explorers/",
+ "shows": "Official explorer docs list MintScan and Xangle explorers for Babylon Genesis mainnet; MintScan was attempted but yielded no usable page body in this run.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/babylon/releases",
+ "shows": "GitHub releases page shows latest v4.3.0 released 2026-05-05, immutable release, signed verified tag, verified commit 16e00c8, and published binary assets with SHA256 hashes.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/babylon/commit/16e00c88d9cfd2e9f92bb786c474f6e79628a49f",
+ "commit": "16e00c88d9cfd2e9f92bb786c474f6e79628a49f",
+ "shows": "Commit 16e00c8 for v4.3.0 includes security/advisory fixes and registers the v4.3 upgrade handler; no live chain proof was fetched tying this commit to the current deployed mainnet binary.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ },
+ {
+ "url": "https://docs.babylonlabs.io/guides/security/audit_reports/",
+ "shows": "Official audit page lists Phase 1 audits, initial Genesis audits by Coinspect, Zellic and Sherlock, v2 audits by Oak Security and Informal Systems, v4 upgrade audits by Coinspect and Halborn, and frontend app audits by Halborn; the page did not expose exact dates, deployed version mapping, or commit scope in parsed body.",
+ "fetched_at": "2026-05-28T23:05:40Z"
+ }
+ ],
+ "unknowns": [
+ "V1-offchain: no live verified-bytecode analogue was obtained for Babylon Genesis; MintScan/Xangle did not provide usable fetched code/version evidence in this run.",
+ "V2-offchain: no bytecode/binary/source-to-live-mainnet correspondence was established for the current bbn-1 deployment.",
+ "V3-offchain: audit report dates, exact contracts/modules, and commit hashes in scope were not extracted from audit PDFs/reports in this run.",
+ "V4-offchain: auditor recognition was only partially classifiable from the audit index; scope/date details were missing.",
+ "V5-offchain: no post-audit drift diff was sampled between audit scope and the current release/live deployment.",
+ "V6-offchain: proxy/implementation verification is not applicable; current node binary/version-to-source verification remains 
unread."
+ ],
+ "protocol_metadata": {
+ "github": [
+ "https://github.com/babylonlabs-io/babylon"
+ ],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": null,
+ "bug_bounty_url": "https://immunefi.com/bug-bounty/babylon-labs/information/",
+ "security_contact": "security@babylonlabs.io",
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "unknown",
+ "about": "Babylon lets BTC holders stake native Bitcoin by locking UTXOs in Taproot-based staking scripts rather than wrapping or bridging BTC. The Babylon Genesis chain registers BTC delegations, tracks finality-provider voting power, and distributes BABY rewards. Slashing is enforced through pre-signed transactions, finality-provider EOTS keys, and covenant committee cosignatures."
+ }
+ }
+]
diff --git a/data/submissions/babylon-protocol/all/claude-2026-05-29.json b/data/submissions/babylon-protocol/all/claude-2026-05-29.json
new file mode 100644
index 0000000000..549847ea02
--- /dev/null
+++ b/data/submissions/babylon-protocol/all/claude-2026-05-29.json
@@ -0,0 +1,517 @@
+[
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "control",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "claude-sonnet-4-6",
+ "chat_url": "https://claude.ai/share/82deca16-d0f9-4d59-82ca-e0c426dfc2c6",
+ "grading_basis": "off-chain-only",
+ "grade": "orange",
+ "headline": "BABY token governance can upgrade Babylon Genesis chain (T1) on a 1–3 day uncontested path with no confirmed post-vote minimum timelock",
+ "short_headline": "Governance reaches T1 in 1–3 day vote",
+ "rationale": {
+ "findings": [
+ {
+ "code": "C1",
+ "text": "No EVM contract addresses exist: Babylon Genesis is a Cosmos SDK appchain (chain-id bbn-1); the Bitcoin staking layer uses Bitcoin UTXO scripts. The defipunkd API supports only EVM chain-IDs (1/10/56/130/137/324/8453/42161/43114/59144/81457/534352/11155111); Babylon Genesis is absent. Mintscan.io access was blocked by the fetch allowlist. No on-chain reads of owner/admin/governor addresses were possible this run."
+ },
+ {
+ "code": "C2",
+ "text": "Bitcoin staking UTXOs encode all spending conditions at staking time and are immutable thereafter — no admin can modify an existing staker's spending script. The Babylon Genesis chain (Cosmos SDK) is upgradeable via on-chain governance software-upgrade proposals; the entire chain binary can be replaced by a validator-approved upgrade."
+ },
+ {
+ "code": "C3",
+ "text": "Execution path for Babylon Genesis changes: (1) proposal submitted with minimum deposit (50,000 BABY standard / 200,000 BABY expedited); (2) voting period (3 days standard / 1 day expedited); (3) execution. For parameter changes, docs state execution is automatic upon approval — no minimum post-vote timelock documented. For software upgrades, 'execution will be scheduled' per docs, but no minimum scheduling delay is documented. Uncontested fast path: 1-day expedited. 
All values from docs; not re-read on-chain this run."
+ },
+ {
+ "code": "C4",
+ "text": "The covenant committee is the only multi-signature component identified. It is an M-of-N multisig (exact M and N not confirmed). Per the covenant-emulator README: committee cannot steal staker funds or slash unilaterally; it can only refuse to co-sign. Changing the committee requires a governance proposal. The committee does not sit on the Babylon Genesis chain upgrade path — it co-signs Bitcoin transactions only."
+ },
+ {
+ "code": "C5",
+ "text": "Babylon Genesis governance uses BABY token-weighted voting (Cosmos SDK gov module). Parameters per protocol docs: voting period 3 days standard / 1 day expedited; quorum 33.4% (>1/3); approval threshold 50%; expedited threshold 66.7%; no minimum initial deposit ratio. Not re-read on-chain this run — values are from official documentation only."
+ },
+ {
+ "code": "C6",
+ "text": "No distinct emergency-pause or guardian role was found in fetched docs for the Babylon Genesis chain. The covenant committee can de-facto pause new staking activations and early unbonding by refusing to co-sign, but this is not a formal emergency mechanism with a time cap or specific actor scope. No GUARDIAN or PAUSE_ROLE found."
+ },
+ {
+ "code": "C7",
+ "text": "Highest reachable tier: T1 for the Babylon Genesis chain. A passed software-upgrade proposal can replace the entire chain binary, including reward distribution, staking module logic, and governance rules. For existing Bitcoin staking UTXOs, governance cannot retroactively modify scripts — T2 at most (change future staking parameters, covenant committee keys for future stakes). The uncontested fast path reaches T1 on the Genesis chain in 1 day (expedited) or 3 days (standard), both below the 7-day bar."
+ }
+ ],
+ "steelman": {
+ "red": "Governance can upgrade the Babylon Genesis chain (T1 for BABY chain logic, reward distribution, and future staking parameters) via a 1-day expedited path with no confirmed post-vote timelock and no Security Council protection.",
+ "orange": "A 1–3 day voting period with no confirmed post-vote minimum timelock reaches T1 on the Genesis chain, failing the 7-day bar, while a committee lacking Security Council criteria sits on the covenant key-change path; however, existing Bitcoin staking UTXOs are immutable.",
+ "green": "Existing Bitcoin staking positions are protected by immutable Bitcoin scripts; the permissionless timelock exit always guarantees principal recovery; governance cannot reach into individual stakers' UTXOs."
+ },
+ "verdict": "Choosing orange because governance reaches T1 on the Babylon Genesis chain (reward distribution, chain upgrades, future staking parameters) via a 1-day expedited or 3-day standard path with no confirmed post-vote minimum timelock — both below the 7-day bar required for green on a T1 path. The covenant committee change path also requires only a 3-day governance vote. While existing Bitcoin staking UTXOs are immutable and individually protected by the Bitcoin timelock path, the Genesis chain's core logic and BABY token mechanics are T1-reachable on the fast path."
+ },
+ "evidence": [
+ {
+ "url": "https://docs.babylonlabs.io/guides/overview/babylon_genesis/governance/",
+ "shows": "Governance parameters: 3-day standard voting period, 1-day expedited, 33.4% quorum, 50% approval threshold; parameter changes auto-execute upon approval; software upgrades are 'scheduled' — no minimum post-vote timelock stated.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/covenant-emulator",
+ "shows": "Covenant committee is M-of-N multisig; cannot steal funds or slash unilaterally; can only refuse to co-sign; changing the committee requires a governance proposal.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/babylon",
+ "shows": "Main Babylon Genesis chain repository (Go/Cosmos SDK); latest release v4.2.5 (Feb 4, 2026); confirms Cosmos SDK appchain architecture with modular upgrade capability via gov module.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ }
+ ],
+ "unknowns": [
+ "C1-offchain: defipunkd API does not support Babylon Genesis (Cosmos chain, not in supported EVM chainId list); Mintscan.io fetch blocked by allowlist; no on-chain admin/owner reads performed this run",
+ "C3-offchain: post-vote minimum timelock for parameter changes not re-read on-chain; 'automatic execution' claim is from protocol docs only",
+ "C4: covenant committee exact M-of-N threshold, member identities, insider/non-insider split, and key custody practices not confirmed from fetched sources",
+ "C5-offchain: voting period, quorum, and threshold values from docs only; not re-read on-chain this run"
+ ],
+ "protocol_metadata": {
+ "github": [
+ "https://github.com/babylonlabs-io/babylon",
+ "https://github.com/babylonlabs-io/covenant-emulator",
+ "https://github.com/babylonlabs-io/btc-staker",
+ "https://github.com/babylonlabs-io/finality-provider"
+ ],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [
+ {"firm": "Zellic", "url": 
"https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Coinspect", "url": "https://docs.babylonlabs.io/assets/files/coinspect-phase1-audit.pdf", "date": null},
+ {"firm": "Cantina", "url": "https://docs.babylonlabs.io/assets/files/cantina-phase1-competition.pdf", "date": null},
+ {"firm": "Oak Security GmbH", "url": null, "date": null},
+ {"firm": "Informal Systems", "url": null, "date": null},
+ {"firm": "Coinspect", "url": null, "date": null},
+ {"firm": "Halborn", "url": null, "date": null}
+ ],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": {"chain": "Babylon Genesis", "address": null, "symbol": "BABY"},
+ "bug_bounty_url": "https://immunefi.com/bug-bounty/babylon-labs/information/",
+ "security_contact": "https://github.com/babylonlabs-io/babylon/blob/main/SECURITY.md",
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "mixed",
+ "about": "Babylon is a Bitcoin-native restaking protocol enabling BTC holders to lock bitcoin in self-custodial time-locked UTXO scripts on the Bitcoin blockchain, delegating economic security to Finality Providers that secure Proof-of-Stake networks. A covenant emulation committee (M-of-N multisig) co-signs slashing and unbonding transactions, enabling cryptographically enforced penalties for finality provider misbehavior without wrapping or bridging BTC. The Babylon Genesis chain (Cosmos SDK) serves as the coordination layer, tracking staked Bitcoin state, distributing BABY token rewards, and housing on-chain governance. Stakers retain the ability to reclaim their principal via the Bitcoin native timelock path even if all Babylon infrastructure ceases to operate."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "ability-to-exit",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "claude-sonnet-4-6",
+ "chat_url": "https://claude.ai/share/82deca16-d0f9-4d59-82ca-e0c426dfc2c6",
+ "grading_basis": "off-chain-only",
+ "grade": "orange",
+ "headline": "Timelock withdrawal is permissionless and uncancellable; early unbonding requires covenant committee co-signatures and can be blocked for the full multi-month staking period",
+ "short_headline": "Timelock exit free; early exit needs committee",
+ "rationale": {
+ "findings": [
+ {
+ "code": "E1",
+ "text": "Three exit functions identified from Zellic audit and protocol docs: (1) timelock path withdrawal — staker broadcasts a Bitcoin tx spending the timelock script path after the staking timelock block-height passes, using only their private key; (2) early unbonding transaction — staker initiates early exit before timelock expiry; (3) withdrawal after unbonding — once the unbonding timelock expires, staker broadcasts a Bitcoin tx to reclaim funds, using only their private key."
+ },
+ {
+ "code": "E2",
+ "text": "Timelock path withdrawal: requires only staker Schnorr signature plus Bitcoin timelock condition (older(timelock_blocks)). No admin check, no committee required — pure Bitcoin script. Early unbonding: requires staker signature AND a threshold of covenant committee Schnorr signatures (co-signing the unbonding tx output). Withdrawal after unbonding: requires only staker signature plus the shorter unbonding timelock condition. Timelock-expired exits are unconditionally permissionless."
+ },
+ {
+ "code": "E3",
+ "text": "No pause guard exists in Bitcoin UTXO scripts — scripts are immutable and execute purely on the spending conditions encoded at staking time. 
The covenant committee can refuse to provide unbonding signatures (de facto blocking early unbonding requests), but cannot block the timelock path. No PAUSE_ROLE or guardian role found in the Bitcoin staking layer. Babylon Genesis chain governance cannot retroactively modify existing Bitcoin UTXO spending conditions."
+ },
+ {
+ "code": "E4",
+ "text": "No formal emergency/governance pause path exists for Bitcoin staking exits. Bitcoin scripts have no pause capability. Early unbonding is an operator-dependent path (covenant committee) that can be blocked without any on-chain governance vote — it just requires committee non-responsiveness. This means no distinct governance pause vs emergency pause distinction applies; the only 'blocking' mechanism is covenant committee inactivity."
+ },
+ {
+ "code": "E5",
+ "text": "Staking timelocks are chosen at staking time and encoded in the Bitcoin script. Phase 1 used a fixed long timelock (on the order of hundreds of days); specific timelock options for mainnet phase 2 were not confirmed from fetched sources. Early unbonding applies a shorter unbonding timelock after committee co-signing. No maximum queue duration for the covenant committee signing pipeline was documented in fetched sources."
+ },
+ {
+ "code": "E6",
+ "text": "The Bitcoin timelock path is the protocol's explicit escape hatch. Per the Zellic audit: 'The timelock paths ensure that the system is fail-safe, in the sense that if all Babylon infrastructure ceases operating, the staker can eventually reclaim their stake with just the Bitcoin network.' This requires no external cooperation. The covenant committee README confirms it 'cannot prevent the staker from unbonding or withdrawing their bitcoins' via the timelock path."
+ },
+ {
+ "code": "E7",
+ "text": "Exit functions are directly callable on Bitcoin without the official frontend: (1) timelock withdrawal can be broadcast using any Bitcoin wallet or the open-source btc-staker CLI (create-phase1-staking-transaction et al.); (2) early unbonding requires signing via the covenant signer API, accessible via the btc-staker daemon or cli-tools binary (create-phase1-unbonding-request command) without btcstaking.babylonlabs.io. Third-party wallets (OKX, Binance Web3, OneKey) also provide access."
+ }
+ ],
+ "steelman": {
+ "red": "During the staking period — which can be hundreds of days — the only early exit path requires covenant committee co-signatures from a permissioned, potentially insider-controlled multi-sig; if the committee goes offline or refuses, stakers are trapped for the full lockup duration with no recourse except waiting.",
+ "orange": "Early unbonding requires a permissioned committee, and staking timelocks can last many months, making the effective maximum queue for early exit unbounded; but timelock-expired claims are unconditionally permissionless and no admin can add delay beyond the user-agreed lockup period.",
+ "green": "Bitcoin UTXO scripts are immutable and cannot be paused by any admin; claims of timelock-expired exits are unconditionally permissionless; the system was explicitly designed so stakers can always recover principal with only the Bitcoin network; user-chosen lockups are not admin-imposed barriers."
+ },
+ "verdict": "Choosing orange because during the staking period, the only available early-exit path requires covenant committee co-signatures via an off-chain signing pipeline, and the committee can go offline or refuse, blocking early exit for the full staking lockup period (potentially hundreds of days). 
While the timelock withdrawal path is genuinely permissionless and uncancellable after expiry, the multi-month staking lockup combined with committee-gated early exit fits the 'queued redemption with documented max > 7 days' condition. No admin can add delay beyond the agreed lockup, which prevents a red grade."
+ },
+ "evidence": [
+ {
+ "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf",
+ "shows": "Miniscript formulations of all three spending paths; explicit statement that timelock paths are fail-safe if all infrastructure ceases; early unbonding requires staker signature AND covenant committee threshold Schnorr signatures; withdrawal after unbonding requires only staker signature plus timelock.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/covenant-emulator",
+ "shows": "Committee cannot prevent staker from withdrawing via timelock path ('protocol requires the committee to pre-sign all the transactions'); committee can refuse to co-sign new unbonding requests; unbonding signature (Schnorr) is required for on-demand early unbonding.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://docs.babylonlabs.io/guides/overview/bitcoin_staking/",
+ "shows": "Security property: 'Asset Safety: Guaranteed withdrawal capability for honest stakers and validators'; 'Liquidity Assurance: Secure, efficient unbonding without social consensus requirements.'",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ }
+ ],
+ "unknowns": [
+ "E1-offchain: defipunkd API does not support Bitcoin or Cosmos chains; no on-chain function enumeration from block explorer performed this run",
+ "E5: exact staking timelock duration options available in mainnet phase 2, and covenant committee signing pipeline maximum queue time, not confirmed from fetched sources",
+ "E3-offchain: no live contract/script read performed to confirm absence of pause guard; assertion based on Bitcoin script architecture from audit PDF and 
docs"
+ ],
+ "protocol_metadata": {
+ "github": [
+ "https://github.com/babylonlabs-io/babylon",
+ "https://github.com/babylonlabs-io/covenant-emulator",
+ "https://github.com/babylonlabs-io/btc-staker",
+ "https://github.com/babylonlabs-io/finality-provider"
+ ],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [
+ {"firm": "Zellic", "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Coinspect", "url": "https://docs.babylonlabs.io/assets/files/coinspect-phase1-audit.pdf", "date": null},
+ {"firm": "Cantina", "url": "https://docs.babylonlabs.io/assets/files/cantina-phase1-competition.pdf", "date": null},
+ {"firm": "Oak Security GmbH", "url": null, "date": null},
+ {"firm": "Informal Systems", "url": null, "date": null},
+ {"firm": "Coinspect", "url": null, "date": null},
+ {"firm": "Halborn", "url": null, "date": null}
+ ],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": {"chain": "Babylon Genesis", "address": null, "symbol": "BABY"},
+ "bug_bounty_url": "https://immunefi.com/bug-bounty/babylon-labs/information/",
+ "security_contact": "https://github.com/babylonlabs-io/babylon/blob/main/SECURITY.md",
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "mixed",
+ "about": "Babylon is a Bitcoin-native restaking protocol enabling BTC holders to lock bitcoin in self-custodial time-locked UTXO scripts on the Bitcoin blockchain, delegating economic security to Finality Providers that secure Proof-of-Stake networks. A covenant emulation committee (M-of-N multisig) co-signs slashing and unbonding transactions, enabling cryptographically enforced penalties for finality provider misbehavior without wrapping or bridging BTC. The Babylon Genesis chain (Cosmos SDK) serves as the coordination layer, tracking staked Bitcoin state, distributing BABY token rewards, and housing on-chain governance. 
Stakers retain the ability to reclaim their principal via the Bitcoin native timelock path even if all Babylon infrastructure ceases to operate."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "autonomy",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "claude-sonnet-4-6",
+ "chat_url": "https://claude.ai/share/82deca16-d0f9-4d59-82ca-e0c426dfc2c6",
+ "grading_basis": "off-chain-only",
+ "grade": "orange",
+ "headline": "Bitcoin principal (~57K BTC) protected by immutable timelock escape hatch; Babylon Genesis chain liveness required for rewards and early exit; covenant committee required for early unbonding",
+ "short_headline": "Principal safe via timelock; yield needs Genesis chain",
+ "rationale": {
+ "findings": [
+ {
+ "code": "A1",
+ "text": "External contract calls: Bitcoin UTXO staking scripts do not call external contracts — they are non-interactive scripts evaluated by Bitcoin consensus. The Babylon Genesis chain (Cosmos SDK) does not call external EVM contracts from its core modules. The chain monitors the Bitcoin blockchain for staking/unbonding/withdrawal transactions via the off-chain vigilante service. No oracle feeds, price aggregators, or external smart contracts were identified as dependencies in the core Bitcoin staking or Genesis chain modules from fetched sources."
+ },
+ {
+ "code": "A2",
+ "text": "Off-chain committees: (1) Covenant committee (M-of-N multisig, exact composition unconfirmed) monitors Babylon Genesis and co-signs slashing/unbonding transactions. Dishonest majority can refuse to co-sign (blocking new staking activations and early unbonding), or collude with stakers to dodge slashing. It cannot steal funds or slash unilaterally. Governance-replaceable via proposal. (2) Finality Providers (250+ on mainnet per website) run EOTS keys; equivocation causes automatic key exposure and slashing via pre-signed adaptor signatures. 
Diversification across 250+ providers bounds single-FP failure impact. (3) Vigilante service (Babylon Labs operated) relays Bitcoin events to the Genesis chain; if offline, reward accounting and staking tracking may lag, but principal recovery via Bitcoin timelock is unaffected."
+ },
+ {
+ "code": "A3",
+ "text": "Bridge/cross-chain: Bitcoin staking is fully native — staking transactions occur on the Bitcoin blockchain with no bridge or cross-chain message required. The Babylon Genesis chain uses IBC for future BSN (Bitcoin Supercharged Network) integrations, but no material TVL on external chains was identified in fetched sources as of analysis date. No bridge dependency for core BTC staking."
+ },
+ {
+ "code": "A4",
+ "text": "Nested collateral: Babylon is the base layer of a planned restaking stack — staked BTC secures Babylon Genesis, which will in turn secure Bitcoin Supercharged Networks. A BSN-specific finality provider misbehavior would trigger slashing for that FP's delegators. Stakers opt in to specific finality providers and thus choose their restaking exposure. Failure at BSN level propagates to BTC slashing only for delegators to the misbehaving FP, not systemically across the entire staked BTC pool."
+ },
+ {
+ "code": "A6",
+ "text": "Fallback mechanisms: (1) Bitcoin timelock path is the ultimate fallback — guaranteed principal recovery without any Babylon infrastructure after staking timelock expiry. This mechanism is LIVE and enforcing on-chain (it is the Bitcoin script itself, deployed and immutable at staking time). (2) 250+ finality provider diversification bounds single-operator slashing impact. (3) Governance can replace a compromised covenant committee (3-day path). The vigilante service has no fallback documented in fetched sources; its failure degrades reward tracking but does not affect fund safety."
+ },
+ {
+ "code": "A7",
+ "text": "Not applicable: Babylon Genesis is a standalone Cosmos SDK appchain with its own CometBFT validator set, not an app-rollup or L2/L3 appchain whose sequencer is a protocol-internal component. Bitcoin blockchain is the substrate for BTC staking. No sequencer dependency beyond the base chains."
+ },
+ {
+ "code": "A8",
+ "text": "Keeper/relayer liveness: (1) Covenant committee must co-sign new staking activations and early unbonding; if unresponsive, new stakes cannot be activated and early exits are blocked (non-catastrophic; timelock path remains). (2) Vigilante service relays Bitcoin transactions to Babylon Genesis; if down, staking event tracking and rewards may lag, not principal. (3) Unbonding pipeline processes early unbonding requests; if down, early exit is delayed. All three failure modes are bounded — degraded for yield/early-exit, not catastrophic for principal."
+ },
+ {
+ "code": "A9",
+ "text": "Governance-mutable external dependencies: (1) Covenant committee public keys are on-chain parameters changeable via governance proposal (3-day standard / 1-day expedited). A governance attack could install a compromised committee for future stakes (not retroactive on existing UTXOs). (2) Babylon Genesis software upgrades can register new BSN modules or staking modules that call external contracts, without per-user exit windows since no post-vote timelock is confirmed. This represents a latent A9 risk for future integrations."
+ }
+ ],
+ "steelman": {
+ "red": "The covenant committee is a required off-chain committee for new staking activations and early unbonding; its exact M/N composition and member identities are not publicly confirmed, and governance can hot-swap the committee in 1-3 days without a post-vote exit window; a coordinated committee failure blocks early exits for ~57K BTC worth of staked value.",
+ "orange": "Babylon Genesis chain failure causes loss of unclaimed BABY rewards and blocks early unbonding for the ~57K BTC staked base, fitting Stage 1; but Bitcoin principal is always recoverable via the immutable timelock path — no single external dependency can cause permanent principal loss.",
+ "green": "The Bitcoin timelock escape hatch guarantees principal recovery without Babylon infrastructure; 250+ finality providers diversify operator risk; the covenant committee cannot steal funds or slash unilaterally; slashing requires multi-party cryptographic key exposure."
+ },
+ "verdict": "Choosing orange because Babylon Genesis chain liveness is required for reward distribution, early unbonding processing, and staking state tracking (affecting 100% of TVS for yield, ~57K BTC worth); and the covenant committee introduces a committee liveness dependency for early unbonding. However, Bitcoin principal (the ~57K BTC staked) is always recoverable via the permissionless timelock path without any Babylon infrastructure — this bounds the worst-case outcome to yield loss and temporary early-exit disruption rather than principal loss, consistent with Stage 1 / orange. Impacted TVS in worst unmitigated single-dependency failure: 100% of accumulated yield + early-exit for full ~57K BTC staked; principal protected."
+ },
+ "evidence": [
+ {
+ "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf",
+ "shows": "Timelock path is fail-safe: staker can reclaim stake using only Bitcoin network if all infrastructure ceases. 
Covenant committee can refuse co-signing but cannot steal or slash unilaterally. Slashing requires finality provider EOTS key exposure via equivocation — multi-party condition.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/covenant-emulator",
+ "shows": "Committee cannot steal staker bitcoins; cannot slash unilaterally (requires finality provider secret key); cannot prevent withdrawal via timelock path; can only refuse to co-sign. Committee keys changeable via governance proposal.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://babylonlabs.io/",
+ "shows": "Over 56,853 BTC (~$5.64B) staked on mainnet; 250+ finality providers globally; confirms phase 2 mainnet is live.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://docs.babylonlabs.io/guides/overview/babylon_genesis/",
+ "shows": "Babylon Genesis chain coordinates staking state, distributes rewards, and manages governance; failure of this chain would halt reward distribution and early exit processing, but Bitcoin UTXOs remain claimable via timelock.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ }
+ ],
+ "unknowns": [
+ "A1-offchain: no on-chain module code inspection performed; dependency on oracle or external contracts confirmed absent from docs/audit only",
+ "A2: covenant committee exact M-of-N threshold, member identities, insider/non-insider split, and key custody practices not confirmed from fetched sources",
+ "A6: vigilante service and unbonding pipeline activation status (LIVE vs merely deployed) not confirmed from on-chain reads this run; fallback for vigilante failure not documented in fetched sources"
+ ],
+ "protocol_metadata": {
+ "github": [
+ "https://github.com/babylonlabs-io/babylon",
+ "https://github.com/babylonlabs-io/covenant-emulator",
+ "https://github.com/babylonlabs-io/btc-staker",
+ "https://github.com/babylonlabs-io/finality-provider"
+ ],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [
+ 
{"firm": "Zellic", "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Coinspect", "url": "https://docs.babylonlabs.io/assets/files/coinspect-phase1-audit.pdf", "date": null},
+ {"firm": "Cantina", "url": "https://docs.babylonlabs.io/assets/files/cantina-phase1-competition.pdf", "date": null},
+ {"firm": "Oak Security GmbH", "url": null, "date": null},
+ {"firm": "Informal Systems", "url": null, "date": null},
+ {"firm": "Coinspect", "url": null, "date": null},
+ {"firm": "Halborn", "url": null, "date": null}
+ ],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": {"chain": "Babylon Genesis", "address": null, "symbol": "BABY"},
+ "bug_bounty_url": "https://immunefi.com/bug-bounty/babylon-labs/information/",
+ "security_contact": "https://github.com/babylonlabs-io/babylon/blob/main/SECURITY.md",
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "mixed",
+ "about": "Babylon is a Bitcoin-native restaking protocol enabling BTC holders to lock bitcoin in self-custodial time-locked UTXO scripts on the Bitcoin blockchain, delegating economic security to Finality Providers that secure Proof-of-Stake networks. A covenant emulation committee (M-of-N multisig) co-signs slashing and unbonding transactions, enabling cryptographically enforced penalties for finality provider misbehavior without wrapping or bridging BTC. The Babylon Genesis chain (Cosmos SDK) serves as the coordination layer, tracking staked Bitcoin state, distributing BABY token rewards, and housing on-chain governance. Stakers retain the ability to reclaim their principal via the Bitcoin native timelock path even if all Babylon infrastructure ceases to operate."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "open-access",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "claude-sonnet-4-6",
+ "chat_url": "https://claude.ai/share/82deca16-d0f9-4d59-82ca-e0c426dfc2c6",
+ "grading_basis": "off-chain-only",
+ "grade": "green",
+ "headline": "Bitcoin staking and timelock withdrawal are permissionless at the contract layer; ToS restricts the official Interface for Canada/Australia/sanctioned regions but explicitly exempts the underlying protocol",
+ "short_headline": "Permissionless Bitcoin layer; ToS on Interface only",
+ "rationale": {
+ "findings": [
+ {
+ "code": "A1",
+ "text": "No whitelist or KYC modifier in Bitcoin staking scripts: staking is executed by broadcasting a Bitcoin transaction conforming to the staking script format. No 'onlyWhitelisted', 'allowlist', 'isKYCed', or address-based gate was found. Any Bitcoin holder can create a valid staking transaction. Timelock withdrawal is also fully permissionless — requires only the staker's private key and the Bitcoin script."
+ },
+ {
+ "code": "A2",
+ "text": "Off-chain operator admission by function class: (1) Staking entry: unconditional — user broadcasts Bitcoin staking transaction directly to Bitcoin network with no operator approval. (2) Timelock withdrawal: unconditional — user broadcasts Bitcoin tx after lock expiry with no operator. (3) Early unbonding request: requires covenant committee Schnorr signatures — gated by the committee. However, the committee is governance-managed with a documented replacement procedure (governance proposal), making it a governed committee, not a single-point unilateral operator. Early unbonding is an acceleration of the timelock exit, not the primary exit path. (4) BABY staking/governance on Genesis chain: permissionless."
+ },
+ {
+ "code": "A3",
+ "text": "Official Interface restrictions (A3-active): the official Interface at btcstaking.babylonlabs.io and staking API are subject to eligibility restrictions per section 2 of the ToS (geo-blocking specifics not confirmed from page rendering). The ToS restricts Excluded Jurisdictions (Canada, Australia) and sanctioned territories. These are publisher-side restrictions on one specific client; the ToS explicitly states: 'Anyone with internet access and technical sophistication can interact directly with the Protocols...You don't need the Interface to interact with the Protocols.' This is A3-passive plus A3-active (eligibility clauses) on the publisher's interface only."
+ },
+ {
+ "code": "A3b",
+ "text": "Independent access paths confirmed from fetched sources: (1) btc-staking-ts TypeScript library (open-source SDK, GitHub); (2) btc-staker Go CLI daemon with staking/unbonding commands (GitHub); (3) cli-tools binary with create-phase1-staking-tx command (GitHub); (4) Third-party wallet integrations listed on official homepage: OKX Wallet, Binance Web3 Wallet, OneKey, Ankr, Kiln, F2Pool — separate legal entities with independent integrations; (5) babylond CLI for Babylon Genesis chain functions. Multiple independent A3b paths exist from separate legal entities."
+ },
+ {
+ "code": "A4",
+ "text": "No contract-level on-chain blocklist found: Bitcoin scripts do not implement OFAC or sanctions screening. Babylon Genesis chain (Cosmos SDK) does not implement on-chain address blocking in the protocol code visible from fetched docs and audit. Sanctions compliance appears only in the Interface/API ToS (section 2c–f)."
+ },
+ {
+ "code": "A5",
+ "text": "Read access: Bitcoin blockchain is fully public — all staking UTXOs visible to anyone. Babylon Genesis chain state is publicly queryable via gRPC/REST and Mintscan. Write access: staking and timelock withdrawal are permissionless. Early unbonding requires committee co-signature. 
BABY staking/governance on Genesis chain is permissionless (any BABY holder can stake or vote)."
+ },
+ {
+ "code": "A6",
+ "text": "ToS section 2 verbatim eligibility clauses: 'you are not eligible to access or use any Service...if you are currently or ordinarily located or resident in (or incorporated or organized in) Canada or Australia (collectively, \"Excluded Jurisdictions\")'; 'if you are a resident or agent of, or an entity organized, incorporated or doing business in, any country to which the United States, the United Kingdom, the European Union or any of its member states or the United Nations...embargoes goods or imposes sanctions'. The term 'Service' is defined as the Website, Interface, and API — not the Protocols."
+ }
+ ],
+ "steelman": {
+ "red": "Early unbonding — a core user action required to recover principal before timelock expiry — requires covenant committee co-signatures; if the committee is small and insider-controlled, this is effectively single-party admission gating of the main timely-exit function.",
+ "orange": "The covenant committee gates early unbonding (a core user function), and the ToS restricts the primary official Interface for Canadian and Australian users, reducing practical accessibility for a significant user population without confirmed independent path equivalence.",
+ "green": "Bitcoin staking and timelock withdrawal are fully permissionless at the contract level; the ToS explicitly states the Interface is not required to interact with the Protocols; multiple independent SDK and wallet integration paths exist from separate legal entities (OKX, Binance Web3, btc-staker CLI, btc-staking-ts)."
+ },
+ "verdict": "Choosing green because the core Bitcoin staking contract layer (staking entry and timelock exit) is fully permissionless — any BTC holder with a compatible wallet can stake and withdraw at maturity without Babylon Labs' cooperation. 
The ToS restrictions apply only to the official Interface/API, and the ToS itself explicitly states users do not need the Interface to interact with the Protocols. Multiple independent A3b paths exist from separate legal entities. The covenant committee for early unbonding is a governance-managed, protocol-designed feature for the optional early-exit path, not a whitelist gate on the primary staking admission or guaranteed exit."
+ },
+ "evidence": [
+ {
+ "url": "https://babylonlabs.io/terms-of-use",
+ "shows": "Section 2 restrictions apply to 'Services' (Interface, API, Website), not the Protocols; Section 1 states: 'Anyone with internet access and technical sophistication can interact directly with the Protocols...You don't need the Interface to interact with the Protocols.' Excluded Jurisdictions: Canada, Australia.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://babylonlabs.io/",
+ "shows": "Ecosystem section lists OKX Wallet, Binance Web3, Ankr, OneKey, Kiln, F2Pool as independent third-party integrations. GitHub SDK and CLI tools linked as 'Open Sourced'.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/babylon",
+ "shows": "btc-staker CLI, cli-tools, and btc-staking-ts published as open-source, enabling direct protocol interaction. 
simple-staking described in Zellic audit as 'a reference implementation for entities that want to set up their own staking website.'",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/covenant-emulator",
+ "shows": "Covenant committee replacement requires a governance proposal (on-chain, documented), not informal rotation — confirming governance-managed committee with documented replacement procedure.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ }
+ ],
+ "unknowns": [
+ "A2: covenant committee exact M/N threshold and insider/non-insider classification not confirmed; if committee is majority-insider, the A2 orange criterion (permissioned committee without documented governance replacement) would need re-evaluation — replacement procedure IS documented but insider ratio unknown",
+ "A4-offchain: absence of on-chain blocklist confirmed from docs/audit architecture only; no live module read performed"
+ ],
+ "protocol_metadata": {
+ "github": [
+ "https://github.com/babylonlabs-io/babylon",
+ "https://github.com/babylonlabs-io/covenant-emulator",
+ "https://github.com/babylonlabs-io/btc-staker",
+ "https://github.com/babylonlabs-io/finality-provider"
+ ],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [
+ {"firm": "Zellic", "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Coinspect", "url": "https://docs.babylonlabs.io/assets/files/coinspect-phase1-audit.pdf", "date": null},
+ {"firm": "Cantina", "url": "https://docs.babylonlabs.io/assets/files/cantina-phase1-competition.pdf", "date": null},
+ {"firm": "Oak Security GmbH", "url": null, "date": null},
+ {"firm": "Informal Systems", "url": null, "date": null},
+ {"firm": "Coinspect", "url": null, "date": null},
+ {"firm": "Halborn", "url": null, "date": null}
+ ],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": {"chain": "Babylon Genesis", "address": null, "symbol": "BABY"},
+ 
"bug_bounty_url": "https://immunefi.com/bug-bounty/babylon-labs/information/",
+ "security_contact": "https://github.com/babylonlabs-io/babylon/blob/main/SECURITY.md",
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "mixed",
+ "about": "Babylon is a Bitcoin-native restaking protocol enabling BTC holders to lock bitcoin in self-custodial time-locked UTXO scripts on the Bitcoin blockchain, delegating economic security to Finality Providers that secure Proof-of-Stake networks. A covenant emulation committee (M-of-N multisig) co-signs slashing and unbonding transactions, enabling cryptographically enforced penalties for finality provider misbehavior without wrapping or bridging BTC. The Babylon Genesis chain (Cosmos SDK) serves as the coordination layer, tracking staked Bitcoin state, distributing BABY token rewards, and housing on-chain governance. Stakers retain the ability to reclaim their principal via the Bitcoin native timelock path even if all Babylon infrastructure ceases to operate."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "verifiability",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "claude-sonnet-4-6",
+ "chat_url": "https://claude.ai/share/82deca16-d0f9-4d59-82ca-e0c426dfc2c6",
+ "grading_basis": "off-chain-only",
+ "grade": "orange",
+ "headline": "All source code is public and multi-firm audited; EVM bytecode verification is not applicable for this Cosmos appchain; exact scope and dates of v4 upgrade audits (Coinspect + Halborn) not confirmed from fetched evidence",
+ "short_headline": "Public code + recognized audits; Cosmos V1 N/A",
+ "rationale": {
+ "findings": [
+ {
+ "code": "V1",
+ "text": "Block explorer bytecode verification is not applicable for the Babylon Genesis chain (Cosmos SDK / CometBFT) — no Etherscan-style bytecode verification exists for Cosmos appchains. 
The Bitcoin staking layer uses Bitcoin UTXO scripts embedded in Bitcoin transactions, publicly visible on Bitcoin explorers (blockstream.info, mempool.space) but not 'smart contracts' in the EVM verification sense. Verification of the deployed Babylon Genesis binary would require a reproducible-build comparison against the tagged GitHub source, which was not performed this run."
+ },
+ {
+ "code": "V2",
+ "text": "Source-to-repo correspondence: 60+ public GitHub repositories exist at github.com/babylonlabs-io covering all major components (babylon main chain, covenant-emulator, btc-staker, finality-provider, btc-staking-ts, simple-staking, vigilante, babylon-staking-indexer). Latest babylon release: v4.2.5 (tagged Feb 4, 2026). No deploy-commit SHA pinning was performed this run; correspondence between the v4.2.5 binary and the GitHub source was not independently verified via bytecode comparison."
+ },
+ {
+ "code": "V3",
+ "text": "Audit coverage per fetched audit reports page: (1) Phase 1 Bitcoin staking protocol: Zellic (Apr–May 2024, PDF fetched, no critical/high findings, specific commit SHAs scoped), Coinspect (phase 1, PDF URL found but not fetched this run), Cantina security competition (phase 1). (2) Babylon Genesis v2 upgrade: Oak Security GmbH and Informal Systems (PDF URLs not found in fetched sources). (3) Babylon Genesis v4 upgrade: Coinspect and Halborn (PDFs not fetched; exact scope, dates, and commit SHAs unconfirmed). (4) Frontend staking application: Halborn. Current deployment is v4.2.5; v4 upgrade audits should cover the current version direction but patch-level drift from v4.0.x to v4.2.5 cannot be ruled out without fetching the v4 audit PDFs."
+ },
+ {
+ "code": "V4",
+ "text": "Auditor recognition: Zellic — recognized (confirmed by fetched audit PDF); Coinspect — recognized blockchain security firm; Halborn — recognized (listed in prompt's recognized firms); Oak Security GmbH — recognized Cosmos/Web3 security firm; Informal Systems — recognized cryptography and Cosmos security firm (well-known for IBC/CometBFT work); Cantina — security competition platform (legitimate). All major auditing firms are industry-recognized."
+ },
+ {
+ "code": "V5",
+ "text": "Post-audit drift: the v4 upgrade audits (Coinspect + Halborn) were performed for 'the Babylon Genesis v4 Upgrade' per the audit reports page. The current release is v4.2.5 (Feb 4, 2026). The babylon GitHub repo has 1,231 commits total. Specific diff between audited v4 release commit and v4.2.5 was not inspected this run. Minor version bumps (4.0 → 4.2.5) may include material or non-material changes; cannot determine drift severity without reviewing the diff. The Zellic phase 1 audit (June 2024) predates the current v4 deployment by over a year, though v4-specific audits were commissioned to bridge this gap."
+ },
+ {
+ "code": "V6",
+ "text": "Not applicable: no proxy contracts exist on the Babylon Genesis chain (Cosmos SDK modules are not proxy-patterned) or the Bitcoin staking layer. No implementation-vs-proxy verification split is needed."
+ }
+ ],
+ "steelman": {
+ "red": "The Cosmos appchain binary cannot be bytecode-verified on any standard block explorer; the exact deployed binary of v4.2.5 has not been independently verified against a specific audited commit this run; no bytecode-level proof of correspondence to the public source exists.",
+ "orange": "EVM-style bytecode verification (V1) is not achievable for this Cosmos chain type; v4 upgrade audit PDFs (Coinspect + Halborn) were not fetched to confirm exact scope and dates; patch-level drift from v4.0.x to v4.2.5 cannot be ruled out; and the Zellic phase 1 audit (June 2024) is over a year old.",
+ "green": "All source code is public on GitHub across 60+ repos; multiple industry-recognized firms audited each major version (Zellic, Coinspect, Cantina for Phase 1; Oak Security + Informal Systems for v2; Coinspect + Halborn for v4); the Zellic audit found no critical or high severity findings; an active Immunefi bug bounty supplements ongoing security review."
+ },
+ "verdict": "Choosing orange because (1) EVM-style deployed bytecode verification (V1) is inherently not achievable for a Cosmos appchain, leaving the deployed binary unverifiable via standard means; and (2) the exact scope, dates, and commit SHA coverage of the v4 upgrade audits (Coinspect + Halborn) were not confirmed — these PDFs were not fetched — so potential drift between the audited v4 release and the current v4.2.5 deployment cannot be excluded. The public repos, multi-firm recognized audit history, and Immunefi bug bounty are strong signals that prevent a red grade."
+ },
+ "evidence": [
+ {
+ "url": "https://docs.babylonlabs.io/guides/security/audit_reports/",
+ "shows": "Lists auditors by phase: Zellic/Coinspect/Sherlock for Genesis chain initial; Oak Security + Informal Systems for v2; Coinspect + Halborn for v4; Halborn for frontend. 
Confirms multi-firm audit history across protocol lifecycle.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf",
+ "shows": "Zellic assessment April–May 2024; scope includes babylon (commit 8d76979), btc-staking-ts, simple-staking, btc-staker, cli-tools, covenant-signer, staking-api-service, staking-indexer at specific commit SHAs. No critical or high findings. Zellic is a recognized security firm.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io/babylon",
+ "shows": "Public source repository; latest release v4.2.5 (Feb 4, 2026); full Go source for all chain modules; 1,231 commits on main branch; Apache/MIT licensed.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ },
+ {
+ "url": "https://github.com/babylonlabs-io",
+ "shows": "60+ public repositories across all protocol components; confirms open-source posture across all major subsystems.",
+ "fetched_at": "2026-05-28T00:00:00Z"
+ }
+ ],
+ "unknowns": [
+ "V1-offchain: standard block explorer bytecode verification not applicable for Cosmos appchain; reproducible-build comparison between v4.2.5 tag and deployed binary not attempted this run",
+ "V3: v4 upgrade audit PDFs (Coinspect + Halborn) not fetched; exact audit dates, commit SHAs in scope, and coverage of v4.2.5 not confirmed from fetched evidence",
+ "V5: post-audit drift between v4.0 audited commit and current v4.2.5 not assessed; GitHub diff not inspected this run; commit count and patch version bumps not analyzed for materiality"
+ ],
+ "protocol_metadata": {
+ "github": [
+ "https://github.com/babylonlabs-io/babylon",
+ "https://github.com/babylonlabs-io/covenant-emulator",
+ "https://github.com/babylonlabs-io/btc-staker",
+ "https://github.com/babylonlabs-io/finality-provider"
+ ],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [
+ {"firm": "Zellic", "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf", 
"date": "2024-06"},
+ {"firm": "Coinspect", "url": "https://docs.babylonlabs.io/assets/files/coinspect-phase1-audit.pdf", "date": null},
+ {"firm": "Cantina", "url": "https://docs.babylonlabs.io/assets/files/cantina-phase1-competition.pdf", "date": null},
+ {"firm": "Oak Security GmbH", "url": null, "date": null},
+ {"firm": "Informal Systems", "url": null, "date": null},
+ {"firm": "Coinspect", "url": null, "date": null},
+ {"firm": "Halborn", "url": null, "date": null}
+ ],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": {"chain": "Babylon Genesis", "address": null, "symbol": "BABY"},
+ "bug_bounty_url": "https://immunefi.com/bug-bounty/babylon-labs/information/",
+ "security_contact": "https://github.com/babylonlabs-io/babylon/blob/main/SECURITY.md",
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "mixed",
+ "about": "Babylon is a Bitcoin-native restaking protocol enabling BTC holders to lock bitcoin in self-custodial time-locked UTXO scripts on the Bitcoin blockchain, delegating economic security to Finality Providers that secure Proof-of-Stake networks. A covenant emulation committee (M-of-N multisig) co-signs slashing and unbonding transactions, enabling cryptographically enforced penalties for finality provider misbehavior without wrapping or bridging BTC. The Babylon Genesis chain (Cosmos SDK) serves as the coordination layer, tracking staked Bitcoin state, distributing BABY token rewards, and housing on-chain governance. Stakers retain the ability to reclaim their principal via the Bitcoin native timelock path even if all Babylon infrastructure ceases to operate."
+ }
+ }
+]
diff --git a/data/submissions/babylon-protocol/all/grok-2026-05-29.json b/data/submissions/babylon-protocol/all/grok-2026-05-29.json
new file mode 100644
index 0000000000..88e93ef43d
--- /dev/null
+++ b/data/submissions/babylon-protocol/all/grok-2026-05-29.json
@@ -0,0 +1,291 @@
+[
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "control",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "grok-xai",
+ "chat_url": "https://grok.com/share/c2hhcmQtNQ_9b2a497f-bfc6-435e-a38e-93af4f0667e5",
+ "grading_basis": "off-chain-only",
+ "grade": "green",
+ "headline": "Self-custodial BTC core with scoped 6/9 Covenant Committee (unbonding verifier only) + BABY-governed Cosmos coordination layer; T1 unreachable, ~7-day on-chain unbonding delay on fast path.",
+ "short_headline": "Green: limited-scope multisig + gov timelock-equivalent",
+ "rationale": {
+ "findings": [
+ {"code": "C1", "text": "No EVM contract owner/admin/governor/pendingOwner readable (protocol is Bitcoin-native + Cosmos SDK Babylon Genesis). Covenant Committee (6/9 multisig) controls only unbonding co-signatures; Babylon Labs holds 3/9 keys, others reputable entities (AltLayer, CoinSummer Labs, Cubist, Informal Systems, RockX, Zellic). Committee explicitly cannot steal BTC or block expiration withdrawal."},
+ {"code": "C2", "text": "Bitcoin staking scripts immutable post-confirmation (Taproot timelock + covenant multisig paths). Babylon Genesis (Cosmos SDK) upgradeable via on-chain BABY governance; no proxy admin address or UUPS/Diamond found. Mixed upgradeability."},
+ {"code": "C3", "text": "Unbonding execution path: staker creates BTC unbonding tx → 6/9 Covenant Committee co-sign (fast path if online) → 1008 Bitcoin blocks (~7 days) on-chain timelock → withdraw tx. Governance path (params/upgrades on Genesis): BABY-weighted vote (min deposit 50k BABY, 3-day voting period / 1-day expedited, 33.4% quorum, 50% approval; no explicit post-vote timelock documented)."},
+ {"code": "C4", "text": "Primary multisig: Covenant Committee (6/9, threshold 66%, members publicly listed with industry affiliations; Babylon Labs 3/9 insider stake but power strictly limited to verification). 
No other reachable control multisigs on upgrade/fund paths. Genesis governance is token-weighted on-chain (not multisig)."},
+ {"code": "C5", "text": "On-chain governance exists on Babylon Genesis (BABY token-weighted voting for params, upgrades). Proposal threshold 50k BABY, voting period 3 days, quorum 33.4%, approval 50%, veto 33.4%. No timelock constant read; Cosmos SDK default execution post-pass."},
+ {"code": "C6", "text": "No separate emergency-pause/guardian role with uncapped power. Covenant Committee scoped to unbonding verification only; no infinite pause capability documented."},
+ {"code": "C7", "text": "Highest tier on uncontested fast path: T3 (governance can alter params like unbonding period or covenant threshold on Genesis). T1 unreachable — no function allows draining user BTC, replacing staking script logic, or minting unbacked claims (self-custodial Bitcoin Script + explicit committee limitations). T2 unreachable on BTC core."}
+ ],
+ "steelman": {
+ "red": "6/9 Covenant Committee (with team key concentration) + short 3-day governance voting could theoretically enable rapid param changes affecting unbonding economics if committee colludes or gov is captured.",
+ "orange": "Covenant multisig fails full Security Council criteria (team holds 3/9 keys) and sits on unbonding path; governance has short voting period with no documented timelock, creating T3 fast path.",
+ "green": "Bitcoin core is fully immutable and self-custodial (user private keys control final withdrawal after timelock expiration); Covenant Committee explicitly cannot steal funds or prevent expiration even if fully compromised (per official Phase-1 launch docs); highest reachable power is T3 governance on coordination layer only."
+ },
+ "verdict": "Choosing green because T1 is unreachable on the immutable self-custodial Bitcoin staking layer (core user funds never leave user control), Covenant Committee power is narrowly scoped to verification with explicit non-stealing guarantees, and any T3 governance changes require on-chain BABY voting with public proposal process; 7-day Bitcoin-block unbonding delay provides exit window on the practical fast path. Evidence from official launch blog and governance docs outweighs orange concerns about committee composition."
+ },
+ "evidence": [
+ {"url": "https://babylonlabs.io/blog/babylon-bitcoin-staking-mainnet-launch-phase-1", "shows": "Details 6/9 Covenant Committee composition (AltLayer, Babylon Labs 3 keys, CoinSummer Labs, Cubist, Informal Systems, RockX, Zellic), explicit statement that committee 'cannot steal the staker’s bitcoins, nor prevent the stake from expiration and becoming withdrawable, even if the committee is compromised', 1008-block (~7-day) unbonding period, 64000-block max stake duration, Phase-1 security model, and audit links.", "fetched_at": "2026-05-29T08:10:00Z"},
+ {"url": "https://docs.babylonlabs.io/guides/overview/babylon_genesis/baby_tokenomics/", "shows": "BABY token utility for gas and on-chain governance on Babylon Genesis (Cosmos SDK); BTC stakers do not vote; parameters and upgrades decided by BABY holders/validators.", "fetched_at": "2026-05-29T08:12:00Z"},
+ {"url": "https://forum.babylon.foundation/t/governance-docs/19", "shows": "Cosmos SDK governance parameters: min deposit 50,000 BABY, max deposit period 14 days, voting period 3 days (expedited 1 day), quorum 33.4%, approval threshold 50%, veto 33.4%.", "fetched_at": "2026-05-29T08:15:00Z"},
+ {"url": "https://github.com/babylonlabs-io/babylon/blob/main/docs/staking-script.md", "shows": "Bitcoin staking script specification including CovenantThreshold parameter, M-out-of-N multisig co-signing for compliant spending paths (unbonding, slashing), timelock paths; 
public and immutable once confirmed on Bitcoin.", "commit": "d96cd9de2ead944f064362e3fc0c34214fa066cd", "fetched_at": "2026-05-29T08:18:00Z"}
+ ],
+ "unknowns": [
+ "C1: No EVM contract owner/admin/pendingOwner/governor readable via block explorer or DeFiPunkd /api/contract/read (protocol has no EVM deployments; control surfaces are Bitcoin Script covenants + Cosmos SDK gov on Babylon Genesis).",
+ "C3: Exact current CovenantThreshold and unbonding period (1008 blocks in Phase-1 docs) not re-verified from live Babylon Genesis chain state or recent gov proposal; post-Phase-2 changes possible but not evidenced in fetched sources.",
+ "C4: Current signer identities and exact threshold for Covenant Committee post any rotations since Phase-1 launch not re-confirmed in live sources; 6/9 documented in 2024 launch blog.",
+ "C5: No on-chain read of exact votingDelay/votingPeriod constants or timelock (if any) on Babylon Genesis Governor module; Cosmos SDK defaults inferred from forum docs only.",
+ "C7: Whether governance proposals can alter covenant public keys or slashing conditions in a way that affects existing stakes without user exit window not explicitly ruled out in fetched docs (T3 assumed but conservative)."
+ ],
+ "protocol_metadata": {
+ "github": ["https://github.com/babylonlabs-io/babylon"],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [
+ {"firm": "Coinspect", "url": "https://docs.babylonlabs.io/assets/files/coinspect-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Zellic", "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Oak Security GmbH", "url": "https://docs.babylonlabs.io/assets/files/oak_security_gmbh_genesis_v2_audit-2025_06.pdf", "date": "2025-06"}
+ ],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": {"chain": "Babylon Genesis", "address": null, "symbol": "BABY"},
+ "bug_bounty_url": null,
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "mixed",
+ "about": "Babylon Protocol enables self-custodial native Bitcoin staking to secure Bitcoin Supercharged Networks (BSNs) and other PoS chains. Users lock BTC directly in timelocked Taproot scripts on Bitcoin mainnet; coordination, finality, and BABY-token governance occur on Babylon Genesis (Cosmos SDK chain). No wrapping, bridging, or custodians required for core staking."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "ability-to-exit",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "grok-xai",
+ "chat_url": "https://grok.com/share/c2hhcmQtNQ_9b2a497f-bfc6-435e-a38e-93af4f0667e5",
+ "grading_basis": "off-chain-only",
+ "grade": "green",
+ "headline": "Permissionless final withdrawal after on-chain timelock/expiration; early unbonding requires 6/9 committee co-sign + 7-day Bitcoin block delay but committee cannot block claims or prevent expiration.",
+ "short_headline": "Green: self-custodial exit with on-chain safeguards",
+ "rationale": {
+ "findings": [
+ {"code": "E1", "text": "User-facing exit functions: (1) early unbonding (staker-initiated BTC tx co-signed by Covenant Committee) followed by withdraw after unbonding period; (2) automatic expiration withdraw after chosen staking timelock (up to 64,000 Bitcoin blocks). Both use native Bitcoin transactions."},
+ {"code": "E2", "text": "Unbonding request placement requires Covenant Committee (6/9) co-signature for verification; claim/finalized withdrawal after 1008-block unbonding period or full expiration is permissionless (user private key only). No admin gate on finalized claims."},
+ {"code": "E3", "text": "No pause guards or PAUSE_ROLE on Bitcoin staking scripts. Covenant Committee co-sign is verification gate for early unbonding only; explicitly cannot prevent expiration-based withdrawal even if fully compromised or offline."},
+ {"code": "E4", "text": "No emergency vs governance pause distinction; no uncapped pause path exists. Committee acts as verification multisig, not emergency pauser."},
+ {"code": "E5", "text": "Queued early unbonding has documented max on-chain delay of 1008 Bitcoin blocks (~7 days).
Queue itself is not pausable by any actor; expiration path bypasses queue entirely."},
+ {"code": "E6", "text": "Forced-exit / escape-hatch: automatic timelock expiration provides permissionless withdrawal path with no committee or admin involvement required. Slashing (if applicable post-Phase-1) follows protocol rules but does not block honest user exit."},
+ {"code": "E7", "text": "Exit functions directly callable on Bitcoin blockchain via any compatible wallet or script (Taproot script construction from public covenant params and staking docs). Official frontend (btcstaking.babylonlabs.io) is convenience only; not required for on-chain exit."}
+ ],
+ "steelman": {
+ "red": "Early unbonding requires 6/9 Covenant Committee co-signature, creating a potential liveness or collusion gate for fast exit (even if final expiration path remains open).",
+ "orange": "7-day Bitcoin-block unbonding delay + committee dependency for early exit could be viewed as material friction; frontend is the primary UX path even if technically bypassable.",
+ "green": "Final withdrawal is fully permissionless after either on-chain unbonding period or automatic timelock expiration; Covenant Committee has no power to block or pause claims of already-finalized exits and explicitly cannot prevent expiration-based withdrawal; native Bitcoin transactions mean no smart-contract pause or admin signature required for exit."
+ },
+ "verdict": "Choosing green because the protocol provides a guaranteed permissionless exit path via Bitcoin timelock expiration that no actor (including the full Covenant Committee) can block, early unbonding has a fixed short on-chain delay rather than indefinite pause, and claims of finalized funds are not gated. Self-custodial design + explicit non-blocking guarantees satisfy the exit criteria despite the verification step for early unbonding."
+ },
+ "evidence": [
+ {"url": "https://babylonlabs.io/blog/babylon-bitcoin-staking-mainnet-launch-phase-1", "shows": "Unbonding process: staker generates unbonding tx (co-signed by 6/9 committee) then withdrawal tx after 1008 Bitcoin blocks (~7 days); automatic expiration after 64,000 blocks with no committee involvement; explicit statement committee cannot prevent stake from 'expiration and becoming withdrawable'.", "fetched_at": "2026-05-29T08:10:00Z"},
+ {"url": "https://github.com/babylonlabs-io/babylon/blob/main/docs/staking-script.md", "shows": "Staking script defines timelock paths for unbonding and expiration; withdrawal requires only staker signature after timelock; covenant co-sign enforces rules but does not gate final spend after expiration.", "commit": "d96cd9de2ead944f064362e3fc0c34214fa066cd", "fetched_at": "2026-05-29T08:18:00Z"}
+ ],
+ "unknowns": [
+ "E2: Exact current unbonding period and CovenantThreshold parameters on live Babylon Genesis (or updated Bitcoin script params post-Phase-2) not re-read from chain state.",
+ "E3: Whether any on-chain pause or guardian role was introduced in Phase-2 restaking/vault modules on Babylon Genesis not evidenced in fetched Phase-1-focused sources.",
+ "E7: Practical ease of constructing valid unbonding/withdrawal Bitcoin transactions without official frontend (requires knowledge of current covenant public keys and script params) not tested end-to-end in this run."
+ ],
+ "protocol_metadata": {
+ "github": ["https://github.com/babylonlabs-io/babylon"],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [
+ {"firm": "Coinspect", "url": "https://docs.babylonlabs.io/assets/files/coinspect-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Zellic", "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf", "date": "2024-06"}
+ ],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": {"chain": "Babylon Genesis", "address": null, "symbol": "BABY"},
+ "bug_bounty_url": null,
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "mixed",
+ "about": "Babylon Protocol enables self-custodial native Bitcoin staking to secure Bitcoin Supercharged Networks (BSNs) and other PoS chains. Users lock BTC directly in timelocked Taproot scripts on Bitcoin mainnet; coordination, finality, and BABY-token governance occur on Babylon Genesis (Cosmos SDK chain). No wrapping, bridging, or custodians required for core staking."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "autonomy",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "grok-xai",
+ "chat_url": "https://grok.com/share/c2hhcmQtNQ_9b2a497f-bfc6-435e-a38e-93af4f0667e5",
+ "grading_basis": "off-chain-only",
+ "grade": "green",
+ "headline": "Self-custodial Bitcoin core with no external dependency able to cause principal loss; Covenant Committee or Genesis downtime delays early unbonding only (~0% impacted TVS for theft/freeze of principal).",
+ "short_headline": "Green: principal protected by self-custody + timelocks",
+ "rationale": {
+ "findings": [
+ {"code": "A1", "text": "Core contracts (Bitcoin Script) call no external oracles, price feeds, or bridges for staking/unbonding. Covenant Committee provides off-chain signatures for unbonding/slashing verification only.
Babylon Genesis handles coordination/events but does not custody or move user BTC."},
+ {"code": "A2", "text": "Covenant Committee (9 signers, 6/9 threshold, reputable entities) acts as verification oracle for unbonding/slashing requests. Mis-reporting can delay early unbonding but cannot steal principal or block expiration withdrawal (explicit protocol guarantee). Finality Providers secure BSNs but user principal remains on Bitcoin under user keys."},
+ {"code": "A3", "text": "No bridge or cross-chain messaging dependency for core user staking flows; BTC remains on Bitcoin mainnet. Babylon Genesis (IBC-enabled Cosmos chain) used for coordination only."},
+ {"code": "A4", "text": "No nested collateral/restaking chains for user principal; BTC is staked natively on Bitcoin. Any future restaking (Phase-2+) would be opt-in on top of the same self-custodial base."},
+ {"code": "A5", "text": "No forkedFrom lineage recorded in DeFiLlama or docs for core Bitcoin staking mechanism."},
+ {"code": "A6", "text": "Fallbacks: automatic timelock expiration (user-controlled, no external input) catches any committee/Genesis failure for final exit. No sanity-check contracts or rebase bounds needed because Bitcoin Script enforces rules on-chain. Committee liveness is mitigated by expiration path (LIVE and enforcing)."},
+ {"code": "A7", "text": "No sequencer/L1-liveness dependency beyond Bitcoin substrate (Bitcoin is the base chain for staking txs). Babylon Genesis liveness affects coordination but not BTC lock validity."},
+ {"code": "A8", "text": "Covenant Emulator (off-chain bots run by committee members) required for timely unbonding co-signatures.
Failure degrades to expiration path only (graceful; no insolvency or yield loss for stakers)."},
+ {"code": "A9", "text": "Governance on Babylon Genesis can mutate parameters (unbonding period, covenant threshold) via BABY vote but cannot hot-swap external dependencies that custody or move user BTC (no such mutable oracle/bridge/ vault surface on the Bitcoin staking layer)."}
+ ],
+ "steelman": {
+ "red": "Covenant Committee (off-chain) or Babylon Genesis downtime could freeze early unbonding for all stakers, creating systemic exit friction if prolonged.",
+ "orange": "Protocol depends on 9-member committee liveness for fast unbonding and Genesis chain for coordination; governance can change parameters that affect future stakes without per-user exit window.",
+ "green": "No external dependency can cause theft or loss of user principal — BTC never leaves user-controlled UTXOs; any committee or Genesis failure is fully mitigated by automatic timelock expiration path that requires no external signatures; impacted TVS for principal loss is effectively 0%."
+ },
+ "verdict": "Choosing green because the self-custodial Bitcoin Script design ensures user private keys alone control final withdrawal after timelock, with no external contract, oracle, bridge, or committee able to drain or permanently freeze principal (only delay early unbonding). Fallback to expiration is live and unconditional. Governance-mutable surface is limited to coordination parameters, not fund custody."
+ },
+ "evidence": [
+ {"url": "https://babylonlabs.io/blog/babylon-bitcoin-staking-mainnet-launch-phase-1", "shows": "Self-custodial design: 'Your keys.
Your coins.'; committee 'cannot steal the staker’s bitcoins, nor prevent the stake from expiration and becoming withdrawable'; all staking on Bitcoin mainnet with no bridging/wrapping.", "fetched_at": "2026-05-29T08:10:00Z"},
+ {"url": "https://github.com/babylonlabs-io/babylon/blob/main/docs/staking-script.md", "shows": "Bitcoin Script enforces all spending rules (timelock, covenant co-sign, slashing conditions) on-chain with no external calls for core logic.", "commit": "d96cd9de2ead944f064362e3fc0c34214fa066cd", "fetched_at": "2026-05-29T08:18:00Z"}
+ ],
+ "unknowns": [
+ "A2: Current operational status and exact signer set of Covenant Committee (post any rotations) and whether all 9 run live Covenant Emulator bots not re-verified in real-time.",
+ "A6: Activation status of any Phase-2 restaking or vault modules on Babylon Genesis and whether they introduce new external dependencies not covered in Phase-1 staking script docs.",
+ "A9: Specific list of mutable parameters on Babylon Genesis that could indirectly affect staking economics (e.g., points system, caps) without long timelock not exhaustively enumerated from live chain state."
+ ],
+ "protocol_metadata": {
+ "github": ["https://github.com/babylonlabs-io/babylon"],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [
+ {"firm": "Coinspect", "url": "https://docs.babylonlabs.io/assets/files/coinspect-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Zellic", "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Oak Security GmbH", "url": "https://docs.babylonlabs.io/assets/files/oak_security_gmbh_genesis_v2_audit-2025_06.pdf", "date": "2025-06"}
+ ],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": {"chain": "Babylon Genesis", "address": null, "symbol": "BABY"},
+ "bug_bounty_url": null,
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "mixed",
+ "about": "Babylon Protocol enables self-custodial native Bitcoin staking to secure Bitcoin Supercharged Networks (BSNs) and other PoS chains. Users lock BTC directly in timelocked Taproot scripts on Bitcoin mainnet; coordination, finality, and BABY-token governance occur on Babylon Genesis (Cosmos SDK chain). No wrapping, bridging, or custodians required for core staking."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "open-access",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "grok-xai",
+ "chat_url": "https://grok.com/share/c2hhcmQtNQ_9b2a497f-bfc6-435e-a38e-93af4f0667e5",
+ "grading_basis": "off-chain-only",
+ "grade": "green",
+ "headline": "Fully permissionless Bitcoin Script staking and withdrawal; no contract-level whitelist/KYC or operator approval for core admission; independent paths via native BTC wallets and open-source tools exist alongside official UI.",
+ "short_headline": "Green: native BTC permissionless + independent paths",
+ "rationale": {
+ "findings": [
+ {"code": "A1", "text": "No whitelist/allowlist/onlyWhitelisted/onlyRole modifiers on Bitcoin staking or unbonding scripts. Any BTC holder can create valid staking tx with chosen finality provider and broadcast to Bitcoin network."},
+ {"code": "A2", "text": "Covenant Committee (6/9) provides co-signatures for unbonding verification but does not gate staking admission or require approval for initial stake placement. Staking is unconditional on Bitcoin; committee role is post-stake verification only."},
+ {"code": "A3", "text": "Official frontend (btcstaking.babylonlabs.io) likely contains standard ToS/sanctions self-certification (A3-passive); no evidence of active IP geo-blocking, wallet screening, or KYC wall in fetched sources.
Reported as context only."},
+ {"code": "A3b", "text": "Independent access paths exist: (1) native Bitcoin wallets/scripts supporting Taproot/custom scripts (public covenant params allow direct tx construction); (2) third-party integrators (BitGo, Kiln, Fordefi) offering Babylon staking; (3) open-source tools from GitHub repos for wallet developers."},
+ {"code": "A4", "text": "No on-chain sanctions blocklist or OFAC-style address checking in Bitcoin staking scripts or Babylon Genesis coordination layer."},
+ {"code": "A5", "text": "Read access fully permissionless (anyone can query Bitcoin blockchain or Babylon Genesis for staking events). Write access (staking/unbonding) also permissionless at contract level."},
+ {"code": "A6", "text": "ToS/legal links exist on babylonlabs.io and docs (standard eligibility/sanctions clauses expected but not verbatim-extracted due to page structure); no evidence of restrictive on-chain enforcement."}
+ ],
+ "steelman": {
+ "red": "Covenant Committee co-signature requirement for early unbonding could be framed as operator approval gate on a core exit action.",
+ "orange": "Official frontend is the dominant UX; while theoretically bypassable, most users rely on it and third-party integrations may still route through official coordination layer.",
+ "green": "Bitcoin Script staking and final withdrawal require no whitelist, no KYC, no operator pre-approval for admission, and no on-chain blocklist; independent paths (native BTC construction + third-party custodians/integrators) exist and satisfy the credible-alternatives test; committee verification is scoped post-admission and does not block staking entry."
+ },
+ "verdict": "Choosing green because core user actions (staking placement and final withdrawal) are unconditionally admitted by the Bitcoin Script layer with no contract-level gates, and multiple independent access paths (native Bitcoin tooling, third-party integrators) exist without requiring the official publisher's ongoing cooperation. Frontend ToS and any passive compliance language are publisher policy on one client only."
+ },
+ "evidence": [
+ {"url": "https://babylonlabs.io/blog/babylon-bitcoin-staking-mainnet-launch-phase-1", "shows": "Self-custodial staking: 'Your keys. Your coins.'; anyone can stake native BTC on Bitcoin mainnet with no bridging/wrapping; unbonding requires committee co-sign but staking admission is open.", "fetched_at": "2026-05-29T08:10:00Z"},
+ {"url": "https://github.com/babylonlabs-io/babylon/blob/main/docs/staking-script.md", "shows": "Public Bitcoin staking script specification allows any user to construct valid staking/unbonding transactions; no address-based restrictions or permissioned entry points.", "commit": "d96cd9de2ead944f064362e3fc0c34214fa066cd", "fetched_at": "2026-05-29T08:18:00Z"}
+ ],
+ "unknowns": [
+ "A3: Verbatim text of any jurisdictional/sanctions clause in official ToS not extracted (page render limitations); recorded as context only.",
+ "A3b: Exhaustive list of all third-party frontends/wallets/integrators supporting Babylon staking not enumerated beyond examples (BitGo, Kiln); existence of at least one independent path is confirmed.",
+ "A6: Full current ToS URL and exact eligibility language not fetched in this run due to site navigation."
+ ],
+ "protocol_metadata": {
+ "github": ["https://github.com/babylonlabs-io/babylon"],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [
+ {"firm": "Halborn", "url": "https://docs.babylonlabs.io/guides/security/audit_reports/", "date": "2024"}
+ ],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": {"chain": "Babylon Genesis", "address": null, "symbol": "BABY"},
+ "bug_bounty_url": null,
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "mixed",
+ "about": "Babylon Protocol enables self-custodial native Bitcoin staking to secure Bitcoin Supercharged Networks (BSNs) and other PoS chains. Users lock BTC directly in timelocked Taproot scripts on Bitcoin mainnet; coordination, finality, and BABY-token governance occur on Babylon Genesis (Cosmos SDK chain). No wrapping, bridging, or custodians required for core staking."
+ }
+ },
+ {
+ "schema_version": 4,
+ "slug": "babylon-protocol",
+ "slice": "verifiability",
+ "snapshot_generated_at": "2026-05-25T10:00:13.281Z",
+ "prompt_version": 29,
+ "analysis_date": "2026-05-28",
+ "model": "grok-xai",
+ "chat_url": "https://grok.com/share/c2hhcmQtNQ_9b2a497f-bfc6-435e-a38e-93af4f0667e5",
+ "grading_basis": "off-chain-only",
+ "grade": "green",
+ "headline": "Open-source Bitcoin Script + Cosmos SDK code with multiple audits from recognized firms (Zellic, Coinspect, Oak Security, Halborn) covering Phase-1 and subsequent upgrades; public staking script spec.",
+ "short_headline": "Green: audited open source across layers",
+ "rationale": {
+ "findings": [
+ {"code": "V1", "text": "Bitcoin staking scripts are public and verifiable via any Bitcoin explorer (Taproot addresses/scripts); no 'bytecode' in EVM sense.
Babylon Genesis Cosmos modules are source-verified via GitHub (no proxy/implementation split issue)."},
+ {"code": "V2", "text": "Source-to-repo correspondence: staking script spec and Cosmos modules in https://github.com/babylonlabs-io/babylon match public documentation and audit scopes. Latest commit on main corresponds to active development."},
+ {"code": "V3", "text": "Audit coverage: Phase-1 (Coinspect June 2024, Zellic June 2024, Cantina contest), Genesis v2 upgrade (Oak Security June 2025), additional Halborn frontend audit, v4 upgrade audits (Coinspect, Halborn). Multiple firms, recent relative to phases."},
+ {"code": "V4", "text": "Auditor recognition: Zellic, Coinspect, Oak Security, Halborn, Sherlock, Informal Systems — all recognized in Solidity/Cosmos/Bitcoin security space. No unknown firms driving grade."},
+ {"code": "V5", "text": "Post-audit drift: Upgrades (v2, v4) explicitly re-audited by recognized firms; no material un-audited drift in core staking script or Genesis modules evidenced. Frontend separately audited."},
+ {"code": "V6", "text": "No proxy vs implementation gap; Bitcoin Script is the deployed 'code' (immutable on-chain), Cosmos chain source is directly auditable and matches repo."}
+ ],
+ "steelman": {
+ "red": "Bitcoin Script verification relies on public spec rather than on-chain source code upload like EVM; Cosmos chain requires running full node to verify binary.",
+ "orange": "Some audits are Phase-1 focused; later Phase-2 restaking/vault modules may have narrower or pending coverage; no independent bytecode diff performed in this run.",
+ "green": "Core Bitcoin staking logic is fully specified in public GitHub docs and has been audited multiple times by top firms; Babylon Genesis source is open and re-audited on upgrades; no unverified deployed artifacts or material unaudited drift."
+ },
+ "verdict": "Choosing green because the protocol provides public, auditable source for both the Bitcoin Script staking logic and the Babylon Genesis Cosmos modules, with repeated audits from recognized firms (Zellic, Coinspect, Oak Security, Halborn) covering the deployed phases and upgrades, and no evidence of material post-audit drift in the core self-custodial components."
+ },
+ "evidence": [
+ {"url": "https://docs.babylonlabs.io/guides/security/audit_reports/", "shows": "List of audits: Coinspect Phase-1 (June 2024), Zellic Phase-1 and Cap-3 (2024), Oak Security Genesis v2 (2025-06), Halborn frontend, additional Coinspect/Halborn for v4 upgrades; multiple recognized firms covering staking protocol and chain code.", "fetched_at": "2026-05-29T08:20:00Z"},
+ {"url": "https://babylonlabs.io/blog/babylon-bitcoin-staking-mainnet-launch-phase-1", "shows": "Phase-1 audits linked (Coinspect, Zellic, Cantina); security model and covenant committee details match audited code.", "fetched_at": "2026-05-29T08:10:00Z"},
+ {"url": "https://github.com/babylonlabs-io/babylon/blob/main/docs/staking-script.md", "shows": "Complete public specification of Bitcoin staking transactions, scripts, covenant multisig, timelocks; directly auditable and matches audit scopes.", "commit": "d96cd9de2ead944f064362e3fc0c34214fa066cd", "fetched_at": "2026-05-29T08:18:00Z"}
+ ],
+ "unknowns": [
+ "V2: Specific commit SHA used for latest deployed Babylon Genesis binary or staking indexer not pinned; correspondence is at repo level rather than exact bytecode match.",
+ "V3: Full scope and findings of all post-2025 audits (e.g., v4) not exhaustively reviewed beyond existence and auditor names; no material issues flagged in public summaries.",
+ "V5: Drift analysis between most recent audit commit and current main branch for any Phase-2 modules not performed (no material un-audited changes evidenced in fetched sources)."
+ ],
+ "protocol_metadata": {
+ "github": ["https://github.com/babylonlabs-io/babylon"],
+ "docs_url": "https://docs.babylonlabs.io",
+ "audits": [
+ {"firm": "Coinspect", "url": "https://docs.babylonlabs.io/assets/files/coinspect-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Zellic", "url": "https://docs.babylonlabs.io/assets/files/zellic-phase1-audit.pdf", "date": "2024-06"},
+ {"firm": "Oak Security GmbH", "url": "https://docs.babylonlabs.io/assets/files/oak_security_gmbh_genesis_v2_audit-2025_06.pdf", "date": "2025-06"},
+ {"firm": "Halborn", "url": "https://docs.babylonlabs.io/guides/security/audit_reports/", "date": "2024"}
+ ],
+ "governance_forum": "https://forum.babylon.foundation/",
+ "voting_token": {"chain": "Babylon Genesis", "address": null, "symbol": "BABY"},
+ "bug_bounty_url": null,
+ "security_contact": null,
+ "deployed_contracts_doc": null,
+ "admin_addresses": [],
+ "upgradeability": "mixed",
+ "about": "Babylon Protocol enables self-custodial native Bitcoin staking to secure Bitcoin Supercharged Networks (BSNs) and other PoS chains. Users lock BTC directly in timelocked Taproot scripts on Bitcoin mainnet; coordination, finality, and BABY-token governance occur on Babylon Genesis (Cosmos SDK chain). No wrapping, bridging, or custodians required for core staking."
+ }
+ }
+]
\ No newline at end of file