Clementine

Clementine is Citrea's BitVM based trust-minimized Bitcoin bridge. You can check Clementine whitepaper here The repository includes:

• A library for bridge operator, verifier, and aggregator
• Circuits that will be optimistically verified with BitVM
• Presigning bridge transactions with MuSig2
• State manager for keeping track of other actors’ activities
• Tx Sender for sending Bitcoin transactions.

Prize distribution and scoring

• Total Prize Pool: $100,000

• Public Pool: $80,000

• Additional pay for dedicated Cantina researcher: $20,000

• $5000 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.

  • 1st: $2,000
  • 2nd: $1,250
  • 3rd: $750
  • 4th: $600
  • 5th: $400

• Scoring described in the competition scoring page.

• Findings Severities described in detail on our docs page.

Documentation

• Clementine Whitepaper
• High Level Documentations
• Code documentation

Scope

• Repository: https://github.com/chainwayxyz/clementine
• Commit: 5d15adaacc1f6176b06903e8aabae817cfc7870c
• Files: All rust codebase

• Dependencies, libraries & tests excluded except for below (these are in scope):
  • https://github.com/chainwayxyz/BitVM/tree/a82e5a6bbc1183f98e8f2abd762baf20eb054475/bitvm/src/clementine

    • This is our BitVM Fork, BitVM is getting audited. This Clementine folder includes additional disprove scripts for our use case specific.

Out of Scope

Known issue:

• Aggregator DoS capability: It is a known and accepted risk that the Aggregator can perform various types of denial-of-service (DoS) attacks against Verifiers. The critical point is that the Aggregator cannot steal funds from the bridge.
• Challenge Transaction reimbursement: The current protocol does not reimburse Challenge Transactions. While this can be implemented through a smart contract on Citrea, it is out of scope for now. For the purposes of this scope, you can assume that if a Verifier sends a correct Challenge Transaction, it will be rewarded through other channels.

Previous Audit Report:

https://github.com/chainwayxyz/clementine/blob/main/audits/Sigma_Prime_Chainway_Labs_Clementine_Security_Assessment_Report_v2_0.pdf

• The previous audit was conducted with the automation flag disabled.
• This scope is for the protocol with automation enabled, including the TxSender and StateManager modules.

Expected Behaviors & Accepted Risks

• Aggregator role:

  • The Aggregator is untrusted.
  • Its only power is to perform DoS attacks.
  • In the event of such behavior, Verifiers can select a new Aggregator via social consensus.

• Verifier requirements:

  • At least one honest Verifier is enough to guarantee safety.
  • An honest Verifier will:
    • Send a Challenge Transaction for every malicious Operator.
    • Send a Watchtower Challenge Transaction for every malicious Operator.
    • Avoid signing any transaction outside of the protocol.
    • Send a Disprove Transaction for any incorrect BitVM proof.

• Operator requirements:

  • At least one honest Operator is enough to ensure liveness.
  • As long as one Operator pays withdrawals (via payout transactions), the system remains live.

• Withdrawal behavior:

  • If all Verifiers are live, they will send an optimistic payout transaction for a withdrawal.
  • Every transaction signed during the deposit phase must be sufficient to disprove any malicious activity.

Build Instructions

• Build instructions can be found here

Basic POC Test

POC is NOT mandatory, but a POC test with the docker compose would be great. https://github.com/chainwayxyz/clementine/blob/main/docs/usage.md#using-docker

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.