Issues: code-423n4/2022-10-holograph-findings
QA Report
bug
Something isn't working
grade-b
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#501
opened Oct 25, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
grade-b
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#499
opened Oct 25, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-a
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#492
opened Oct 25, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
grade-b
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#484
opened Oct 25, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-a
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#480
opened Oct 25, 2022 by
code423n4
_payoutEth() calculates balance with an offset, always leaving dust ETH in the contract
2 (Med Risk)
#476
opened Oct 25, 2022 by
code423n4
MEV: Operator can bribe miner and steal honest operator's bond amount if gas price went high
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#473
opened Oct 25, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-b
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#472
opened Oct 25, 2022 by
code423n4
MED - Incorrect implementation of ERC721 may have bad consequences for receiver
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#469
opened Oct 25, 2022 by
code423n4
MED: leak of value when interacting with an ERC721 enforcer contract
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#468
opened Oct 25, 2022 by
code423n4
MED: isOwner / onlyOwner checks can be bypassed by attacker in ERC721/ERC20 implementations
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#464
opened Oct 25, 2022 by
code423n4
QA Report
bug
Something isn't working
edited-by-warden
grade-b
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#458
opened Oct 25, 2022 by
code423n4
_payoutToken[s]() is not compatible with tokens with missing return value
2 (Med Risk)
#456
opened Oct 25, 2022 by
code423n4
LayerZeroModule miscalculates gas, risking loss of assets
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#445
opened Oct 25, 2022 by
code423n4
QA Report
bug
Something isn't working
edited-by-warden
grade-b
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#442
opened Oct 25, 2022 by
code423n4
HolographERC20 breaks composability by forcing usage of draft proposal EIP-4524
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#440
opened Oct 25, 2022 by
code423n4
Execution may be stuck in destination chain as operators estimate gas consumption
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
grade-b
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
responded
The Holograph team has reviewed and responded
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#433
opened Oct 25, 2022 by
code423n4
Attacker can force chaotic operator behavior
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
primary issue
Highest quality submission among a set of duplicates
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#432
opened Oct 25, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
grade-a
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#429
opened Oct 25, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
grade-a
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#428
opened Oct 25, 2022 by
code423n4
Bad source of randomness
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
primary issue
Highest quality submission among a set of duplicates
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#427
opened Oct 25, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
grade-a
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#425
opened Oct 25, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-a
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#422
opened Oct 25, 2022 by
code423n4
QA Report
bug
Something isn't working
grade-b
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#420
opened Oct 25, 2022 by
code423n4
Gas Optimizations
bug
Something isn't working
G (Gas Optimization)
grade-b
responded
The Holograph team has reviewed and responded
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#419
opened Oct 25, 2022 by
code423n4