Trail of Bits

Lit Protocol Cait-Sith

Type: Security review

Client: Lit Protocol

Date: 2024-06

Domain: Crypto

Effort: 10 wks

Section: Cryptography Reviews

Trail of Bits's security review of Lit Protocol (Jun 2024) identified 12 issues: 3 high, 3 medium, and 6 informational.

Findings · 12

  1. Correlated-OT-Extension does not properly use session ID in PRG (High)
  2. Timing differences in hash_to_scalar implementation may disclose information to the sender in Random-OT-Extension (Medium)
  3. Insufficient warnings or safeguards against reusing presignatures and triples (High)
  4. Cait-Sith does not time out if progress is not made (Informational)
  5. Sensitive data is not zeroized upon completion of subprotocols (Medium)
  6. Protocol implementation tells the user to wait after completion (Informational)
  7. Iterated extended oblivious transfer is not secure against a malicious receiver (High)
  8. Caller responsibilities around aborts are unclear (Medium)
  9. Different participants in triple generation and triple setup causes deadlock (Informational)
  10. Requirements on thresholds are unclear and inconsistently verified in the implementation (Informational)
  11. The receiver in Batch-Random-OT does not check that Y is nonzero (Informational)
  12. Cait-Sith is implemented with outdated dependencies (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
