Platform: Code4rena
Start Date: 18/10/2022
Pot Size: $75,000 USDC
Total HM: 27
Participants: 144
Period: 7 days
Judge: gzeon
Total Solo HM: 13
Id: 170
League: ETH
Rank: 85/144
Findings: 1
Award: $26.35
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: oyc_109
Also found by: 0x040, 0x1f8b, 0x5rings, 0xNazgul, 0xSmartContract, 0xZaharina, 0xsam, 0xzh, 2997ms, Amithuddar, Aymen0909, B2, Bnke0x0, Deivitto, Diana, Dinesh11G, Franfran, JC, JrNet, Jujic, KingNFT, KoKo, Mathieu, Metatron, Mukund, Olivierdem, PaludoX0, Pheonix, Picodes, RaymondFam, RedOneN, ReyAdmirado, Rolezn, Saintcode_, Satyam_Sharma, Shinchan, Tagir2003, Tomio, Waze, Yiko, __141345__, adriro, ajtra, aysha, ballx, beardofginger, bobirichman, brgltd, bulej93, catchup, catwhiskeys, cdahlheimer, ch0bu, chaduke, chrisdior4, cryptostellar5, cylzxje, d3e4, delfin454000, dharma09, djxploit, durianSausage, emrekocak, erictee, exolorkistis, fatherOfBlocks, gianganhnguyen, gogo, halden, hxzy, i_got_hacked, iepathos, karanctf, leosathya, lucacez, lukris02, lyncurion, m_Rassska, martin, mcwildy, mics, nicobevi, peanuts, peiw, rbserver, ret2basic, rotcivegaf, ryshaw, sakman, sakshamguruji, saneryee, sikorico, skyle, svskaushik, tnevler, vv7, w0Lfrum, zishansami
26.3525 USDC - $26.35
1. No need to initialize variables with default values
Impact: If a variable is not set/initialized, it is assumed to have the default value (0, false, 0x0, etc., depending on the data type). Explicitly initializing it with its default value is an anti-pattern and wastes gas.
for (uint256 i = 0; i < length; i++) {
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L208 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L224 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L241 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L257 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L295 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L315
https://github.com/code-423n4/2022-10-holograph/blob/main/src/HolographOperator.sol#L682
for (uint256 i = 0; i < addresses.length; i++) {
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L338 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L355 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L375
https://github.com/code-423n4/2022-10-holograph/blob/main/src/HolographOperator.sol#L682
for (uint256 t = 0; t < tokenAddresses.length; t++) {
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L333
uint256 gasLimit = 0; uint256 gasPrice = 0;
https://github.com/code-423n4/2022-10-holograph/blob/main/src/HolographOperator.sol#L211-L212
Recommended Mitigation Steps: Remove explicit initialization for default values.
Change i++ in your for loops to unchecked{++i}.
Prefix arithmetic is a bit cheaper than postfix arithmetic, but if you do it in a for loop, this small amount of gas can pile up and be a big waste.
Also, in Solidity 0.8.0+, every arithmetic operation is checked for overflow and underflow, which adds a lot of gas to a single operation. Since in your for loop you don't have the risk of overflow, you can surround the operation in unchecked{} to save a lot of gas (which adds up to a huge amount, since it saves a lot in every loop iteration).
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L208
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L224 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L241 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L257 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L295 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L315
for (uint256 i = 0; i < addresses.length; i++) {
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L338 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L355 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L375
for (uint256 t = 0; t < tokenAddresses.length; t++) {
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L333
Use Custom Errors to save Gas
require(balance - gasCost > 10000, "PA1D: Not enough ETH to transfer");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L291
require(balance > 10000, "PA1D: Not enough tokens to transfer");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L312
require(balance > 10000, "PA1D: Not enough tokens to transfer");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L336
require(matched, "PA1D: sender not authorized");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L361
require(addresses.length == bps.length, "PA1D: missmatched array lenghts");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L373
require(totalBp == 10000, "PA1D: bps down't equal 10000");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L378
require(_operatorJobs[hash] > 0, "HOLOGRAPH: invalid job");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/HolographOperator.sol#L210
require(timeDifference > 0, "HOLOGRAPH: operator has time");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/HolographOperator.sol#L251
require(gasPrice >= tx.gasprice, "HOLOGRAPH: gas spike detected");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/HolographOperator.sol#L255
require(gasleft() > gasLimit, "HOLOGRAPH: not enough gas left");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/HolographOperator.sol#L316
require(msg.sender == address(_messagingModule()), "HOLOGRAPH: messaging only call");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/HolographOperator.sol#L386
require(msg.sender == _bridge(), "HOLOGRAPH: bridge only call");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/HolographOperator.sol#L492
require(hlgFee < msg.value, "HOLOGRAPH: not enough value");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/HolographOperator.sol#L496
require(initialized == 0, "PA1D: already initialized");
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L91
Issue: Low-Risk. In function _payoutEth, a require condition should be implemented to check that length is never equal to zero. Otherwise, length = 0 can affect the whole function implementation.
https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L283 https://github.com/code-423n4/2022-10-holograph/blob/main/src/enforcer/PA1D.sol#L309
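The loop, custom-error and zero-length suggestions above, combined in one before/after sketch. This is an added example, not code from the Holograph repository or from the report; the contract, function and error names are hypothetical, and only the 10000 basis-point total is taken from the require statements quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration; all names are hypothetical and this is not the PA1D source.
contract PayoutSplitExample {
    // Custom errors replace revert strings and can carry the offending values.
    error EmptyPayoutList();
    error MismatchedArrayLengths(uint256 addressCount, uint256 bpsCount);
    error BpsTotalNot10000(uint256 totalBp);

    // Pattern the report flags: explicit zero init, checked i++, string reverts.
    function validateBefore(address[] memory addresses, uint256[] memory bps)
        public pure returns (uint256)
    {
        require(addresses.length == bps.length, "mismatched array lengths");
        uint256 totalBp = 0;
        for (uint256 i = 0; i < addresses.length; i++) {
            totalBp += bps[i];
        }
        require(totalBp == 10000, "bps doesn't equal 10000");
        return totalBp;
    }

    // Same checks with the report's suggestions applied.
    function validateAfter(address[] memory addresses, uint256[] memory bps)
        public pure returns (uint256 totalBp)
    {
        uint256 length = addresses.length; // read the length once
        if (length == 0) revert EmptyPayoutList();
        if (length != bps.length) revert MismatchedArrayLengths(length, bps.length);
        for (uint256 i; i < length; ) { // i starts at its default value, 0
            totalBp += bps[i]; // stays checked: bps values are caller-supplied
            // Safe to skip the overflow check: i < length, so ++i cannot wrap.
            unchecked { ++i; }
        }
        if (totalBp != 10000) revert BpsTotalNot10000(totalBp);
    }
}
```

Only the counter increment is moved into the unchecked block; the sum over caller-supplied bps values keeps the compiler's overflow check.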