code-423n4 2022-10-holograph-findings issues

code-423n4 / 2022-10-holograph-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> M from 300 [1668888076013]

#507 code423n4 closed 1 year ago
0
test issue

#506 techbizgurl closed 1 year ago
1
Adversary can cause malicious slashing of operators by creating malicous token and setting gas limit above chain block gas limit

#505 code423n4 closed 1 year ago
5
MED: Owner may mint any amount of any asset, by changing LayerZeroModule's _lzEndpointSlot directly.

#504 code423n4 closed 1 year ago
8
Pod can (likely) be chosen by miner

#503 code423n4 closed 1 year ago
1
Pseudo randomness is not recommended

#502 code423n4 closed 1 year ago
2
QA Report

#501 code423n4 opened 1 year ago
1
QA Report

#500 code423n4 closed 1 year ago
2
Gas Optimizations

#499 code423n4 opened 1 year ago
1
Incorrect usage of try/catch block

#498 code423n4 closed 1 year ago
3
Reentrancy can increase `allowance` can be used to take more funds than expected

#497 code423n4 closed 1 year ago
2
Gas Optimizations

#496 code423n4 closed 1 year ago
1
it is possible to front run the deployHolographableContract and alter the configuration

#495 code423n4 closed 1 year ago
1
MED: Holographer contract may be destructed using delegatecall to trusted address - Holographer's fallback(), HolographERC721's fallback()

#494 code423n4 closed 1 year ago
3
Signature replay attacks

#493 code423n4 closed 1 year ago
1
QA Report

#492 code423n4 opened 1 year ago
2
Adversary can cause malicious slashing of operators by setting gas price low

#491 code423n4 closed 1 year ago
3
Unbounded loop can make `_payoutEth`, , `_payoutToken`, `_payoutTokens` fail

#490 code423n4 closed 1 year ago
3
_safeMint() should be used rather than _mint() wherever possible

#489 code423n4 closed 1 year ago
3
Use of `transfer()` instead of `call()` to send eth

#488 code423n4 closed 1 year ago
3
Gas Optimizations

#487 code423n4 closed 1 year ago
1
QA Report

#486 code423n4 closed 1 year ago
1
# Divide before multiply affects precision

#485 code423n4 closed 1 year ago
2
Gas Optimizations

#484 code423n4 opened 1 year ago
1
Dangerous delegatecall for a malicous initcode

#483 code423n4 closed 1 year ago
3
Gas Optimizations

#482 code423n4 closed 1 year ago
1
Gas Optimizations

#481 code423n4 closed 1 year ago
0
QA Report

#480 code423n4 opened 1 year ago
0
Gas Optimizations

#479 code423n4 closed 1 year ago
0
MED: HolographOperator.sol 's resetOperator() function allows malicious or hacked admin to permanently freeze operator's bonded tokens.

#478 code423n4 closed 1 year ago
2
Missing support of non-standart ERC20

#477 code423n4 closed 1 year ago
2
`_payoutEth()` calculates `balance` with an offset, always leaving dust `ETH` in the contract

#476 code423n4 opened 1 year ago
4
HIGH: Honest operator can lose their bonded amount although gas price was unacceptable during their slot

#475 code423n4 closed 1 year ago
4
Weak randomness

#474 code423n4 closed 1 year ago
2
MEV: Operator can bribe miner and steal honest operator's bond amount if gas price went high

#473 code423n4 opened 1 year ago
4
QA Report

#472 code423n4 opened 1 year ago
0
QA Report

#471 code423n4 closed 1 year ago
0
QA Report

#470 code423n4 closed 1 year ago
0
MED - Incorrect implementation of ERC721 may have bad consequences for receiver

#469 code423n4 opened 1 year ago
1
MED: leak of value when interacting with an ERC721 enforcer contract

#468 code423n4 opened 1 year ago
6
`_payoutEth()` gas computation can make call revert even if `balance` is sufficient

#467 code423n4 closed 1 year ago
1
Operator is not randomly selected

#466 code423n4 closed 1 year ago
2
Gas Optimizations

#465 code423n4 closed 1 year ago
0
MED: isOwner / onlyOwner checks can be bypassed by attacker in ERC721/ERC20 implementations

#464 code423n4 opened 1 year ago
7
Minimum balance requirement for payout

#463 code423n4 closed 1 year ago
2
Implement and use `_safeMint` rather than `_mint`

#462 code423n4 closed 1 year ago
4
MED: Some royalty ETH will be stuck in the Holographer contract forever.

#461 code423n4 closed 1 year ago
1
Risk of reuse of signatures across forks due to lack of chainID validation

#460 code423n4 closed 1 year ago
2
`_payoutToken()` breaks if `tokenAddress` is USDT - for Ethereum contracts.

#459 code423n4 closed 1 year ago
3
QA Report

#458 code423n4 opened 1 year ago
0