code-423n4/2022-10-holograph-findings
issues
Upgraded Q -> M from 300 [1668888076013]
#507
code423n4
closed
1 year ago
0
test issue
#506
techbizgurl
closed
1 year ago
1
Adversary can cause malicious slashing of operators by creating malicious token and setting gas limit above chain block gas limit
#505
code423n4
closed
1 year ago
5
MED: Owner may mint any amount of any asset, by changing LayerZeroModule's _lzEndpointSlot directly.
#504
code423n4
closed
1 year ago
8
Pod can (likely) be chosen by miner
#503
code423n4
closed
1 year ago
1
Pseudo randomness is not recommended
#502
code423n4
closed
1 year ago
2
QA Report
#501
code423n4
opened
1 year ago
1
QA Report
#500
code423n4
closed
1 year ago
2
Gas Optimizations
#499
code423n4
opened
1 year ago
1
Incorrect usage of try/catch block
#498
code423n4
closed
1 year ago
3
Reentrancy can increase `allowance` can be used to take more funds than expected
#497
code423n4
closed
1 year ago
2
Gas Optimizations
#496
code423n4
closed
1 year ago
1
it is possible to front run the deployHolographableContract and alter the configuration
#495
code423n4
closed
1 year ago
1
MED: Holographer contract may be destructed using delegatecall to trusted address - Holographer's fallback(), HolographERC721's fallback()
#494
code423n4
closed
1 year ago
3
Signature replay attacks
#493
code423n4
closed
1 year ago
1
QA Report
#492
code423n4
opened
1 year ago
2
Adversary can cause malicious slashing of operators by setting gas price low
#491
code423n4
closed
1 year ago
3
Unbounded loop can make `_payoutEth`, `_payoutToken`, `_payoutTokens` fail
#490
code423n4
closed
1 year ago
3
_safeMint() should be used rather than _mint() wherever possible
#489
code423n4
closed
1 year ago
3
Use of `transfer()` instead of `call()` to send eth
#488
code423n4
closed
1 year ago
3
Gas Optimizations
#487
code423n4
closed
1 year ago
1
QA Report
#486
code423n4
closed
1 year ago
1
Divide before multiply affects precision
#485
code423n4
closed
1 year ago
2
Gas Optimizations
#484
code423n4
opened
1 year ago
1
Dangerous delegatecall for a malicious initcode
#483
code423n4
closed
1 year ago
3
Gas Optimizations
#482
code423n4
closed
1 year ago
1
Gas Optimizations
#481
code423n4
closed
1 year ago
0
QA Report
#480
code423n4
opened
1 year ago
0
Gas Optimizations
#479
code423n4
closed
1 year ago
0
MED: HolographOperator.sol's resetOperator() function allows malicious or hacked admin to permanently freeze operator's bonded tokens.
#478
code423n4
closed
1 year ago
2
Missing support of non-standard ERC20
#477
code423n4
closed
1 year ago
2
`_payoutEth()` calculates `balance` with an offset, always leaving dust `ETH` in the contract
#476
code423n4
opened
1 year ago
4
HIGH: Honest operator can lose their bonded amount although gas price was unacceptable during their slot
#475
code423n4
closed
1 year ago
4
Weak randomness
#474
code423n4
closed
1 year ago
2
MEV: Operator can bribe miner and steal honest operator's bond amount if gas price went high
#473
code423n4
opened
1 year ago
4
QA Report
#472
code423n4
opened
1 year ago
0
QA Report
#471
code423n4
closed
1 year ago
0
QA Report
#470
code423n4
closed
1 year ago
0
MED - Incorrect implementation of ERC721 may have bad consequences for receiver
#469
code423n4
opened
1 year ago
1
MED: leak of value when interacting with an ERC721 enforcer contract
#468
code423n4
opened
1 year ago
6
`_payoutEth()` gas computation can make call revert even if `balance` is sufficient
#467
code423n4
closed
1 year ago
1
Operator is not randomly selected
#466
code423n4
closed
1 year ago
2
Gas Optimizations
#465
code423n4
closed
1 year ago
0
MED: isOwner / onlyOwner checks can be bypassed by attacker in ERC721/ERC20 implementations
#464
code423n4
opened
1 year ago
7
Minimum balance requirement for payout
#463
code423n4
closed
1 year ago
2
Implement and use `_safeMint` rather than `_mint`
#462
code423n4
closed
1 year ago
4
MED: Some royalty ETH will be stuck in the Holographer contract forever.
#461
code423n4
closed
1 year ago
1
Risk of reuse of signatures across forks due to lack of chainID validation
#460
code423n4
closed
1 year ago
2
`_payoutToken()` breaks if `tokenAddress` is USDT - for Ethereum contracts.
#459
code423n4
closed
1 year ago
3
QA Report
#458
code423n4
opened
1 year ago
0