Suzaku is a decentralization hub and marketplace that helps Avalanche L1s scale and decentralize their validator sets. Prior to its launch later this year, Suzaku integrated Octane into its CI pipeline early in its development process for a comprehensive review of more than 48,000 lines of its codebase. During this review, Octane’s AI-powered offensive security intelligence platform identified four critical and one high-severity vulnerabilities, along with several informational findings for smart contract optimization.
How Suzaku Scales Avalanche with Octane’s Offensive Security Intelligence
Suzaku is a decentralization hub and marketplace that helps Avalanche L1s scale and decentralize their validator sets. Prior to its launch later this year, Suzaku integrated Octane into its CI pipeline early in its development process for a comprehensive review of more than 48,000 lines of its codebase. During this review, Octane’s AI-powered offensive security intelligence platform identified four critical and one high-severity vulnerabilities, along with several informational findings for smart contract optimization.
Attack Surface
Suzaku is a restaking framework built to enable new Avalanche Layer-1 networks to scale securely and progress from permissioned Proof-of-Authority to permissionless Proof-of-Stake. It offers a plug-and-play framework that lets each network choose between consensus modes (PoA, dual-staking, or full PoS) that align with its maturity.
This flexibility introduces a dynamic and high-stakes attack surface: Suzaku directly mediates validator assignment and cryptoeconomic security across multiple chains. A single flaw could enable validator hijacking, unauthorized fund movement, or denial-of-service across several networks, posing a systemic risk for clients and users.
Octane’s AI-powered offensive security engine scanned Suzaku’s entire codebase, continuously simulating attacker behavior to uncover multiple critical and high-severity vulnerabilities missed during early development.
All findings are based on commit 5ba1ff4 of the Suzaku Core repository.
Summary of Findings
#1: setL1Middleware() Allows Malicious Middleware Reassignments – (Severity: CRITICAL)
setL1Middleware() let any external address repoint a registered validator-manager to an arbitrary middleware contract, because it never verified the caller’s authority. A hostile redirect gives an attacker full control over the validator’s traffic and, by extension, its view of consensus.
Vector: The setL1Middleware() function lacks access controls, letting anyone reassign middleware for a registered validator manager without verifying caller authority. While the function verifies that the validator manager is registered, it fails to validate the caller's authority to make such changes.
Impact: This could allow malicious actors to redirect validator operations to unauthorized or malicious middleware implementations, potentially compromising the entire validation system's security and functionality.
Fix: Octane inserted a hard auth-check directly into setL1Middleware(). Now, the new authorization logic queries IBalancerValidatorManager(validatorManager).isSecurityModule(msg.sender) to verify that the caller is an approved Security Module. If not, it reverts with L1Registry__InvalidL1Middleware().
%20Allows%20Malicious%20Middleware%20Reassignments.png)
#2: registerL1() Allows Rogue Validator Registrations – (Severity: CRITICAL)
Vector: The registerL1() function does not restrict who may add new validator managers, allowing any external address to add arbitrary entries to the registry. While comments indicate that the caller should be a SecurityModule of the ValidatorManager, Octane flagged that this restriction was not implemented in the code.
Impact: An attacker could register fraudulent validator managers and corrupt the registry, undermining every protocol that relies on it.
Fix: Octane inserted two explicit authorization gates to the registerL1()contract:
- Caller check: The function now verifies that msg.sender is an approved Security Module for validatorManager via
IValidatorManager(validatorManager).isSecurityModule(msg.sender).
Failure reverts with L1Registry__InvalidValidatorManager(validatorManager). - Middleware check: It also confirms that the supplied l1Middleware_ address is itself a Security Module of the same validatorManager; otherwise it reverts again, this time with L1Registry__InvalidL1Middleware().
%20Allows%20Rogue%20Validator%20Registrations.png)
#3: Unrestricted slashVault() Allows Infinite Slashing – (Severity: CRITICAL)
slashVault() could be invoked by any address to slash every vault in a single call, instantly burning operator stake and paralyzing protocol operations. No protective gate separated a legitimate network arbiter from a malicious passer-by.
This is like giving every fan in the stadium the power to red card any player on the field: game over.
Vector: The slashVault() function lacks an auth check, so anyone can burn stakes across all vaults in one transaction.
Impact: An attacker could maliciously slash legitimate network operators by calling this function with arbitrary parameters, draining funds from vaults or disrupting the protocol’s operations entirely. Because slashVault() loops over all vaults, a single malicious call can wipe out every operator’s bonded tokens and freeze withdrawals.
Fix: Octane inserted an inline access-control guard that requires the caller to be the middleware contract; otherwise the transaction reverts with a custom error. This single check confines slashing authority to the protocol’s own adjudication layer.
%20Allows%20Infinite%20Slashing.png)
#4: addAssetClass() Open to Arbitrary Asset Registration – (Severity: CRITICAL)
Vector: The addAssetClass() function was external with no onlyOwner modifier, so anyone could define new asset classes and set arbitrary stake parameters.
Impact: An attacker could create fake tokens with near-zero minValidatorStake, drawing validators into insecure classes. This would throw off how rewards, penalties, and collateral are calculated without the attacker needing to upgrade or change any contracts.
Fix: Octane added an onlyOwner guard to the public wrapper.
%20Open%20to%20Arbitrary%20Asset%20Registration.png)
#5: Anyone Can Remove Core Assets from Staking Flow (Severity: HIGH)
Vector: The removeAssetFromClass() function could be called by anyone to remove an asset from its assigned class, even if that asset was part of an active validator stake or involved in vault operations. While it prevents removing the PRIMARY_ASSET or assets still in use (_isUsedAsset()), it does not authenticate the caller. Anyone can call it.
Impact: A malicious actor could repeatedly call removeAssetFromClass() on valid, in-rotation assets (excluding the primary asset), breaking validator reward routing, blocking withdrawals, and potentially halting liquidity flows for affected tokens. The system may remain functional, but users’ trust in it would be seriously compromised.
Fix: Octane added an onlyOwner modifier, restricting asset class definitions to a governance-approved actor.
Turbocharge Smart Contract Development With Octane
Gauthier, Cofounder at Suzaku, said: “Octane didn’t just throw alerts – the platform provided diff-ready patches so we could drop in role-based access controls and secure authorization checks in a single commit without breaking our flow. If you ship Solidity at scale, Octane is a no-brainer value-add to your CI pipeline.”
Shift security left, cut audit rounds, and deploy with confidence by adding Octane to your CI/CD pipeline.
Schedule a demo today to see how simple it is to protect your platform’s smart contracts with Octane’s 24/7 offensive intelligence and real-time vulnerability detection.