Platform: Code4rena
Start Date: 18/10/2022
Pot Size: $75,000 USDC
Total HM: 27
Participants: 144
Period: 7 days
Judge: gzeon
Total Solo HM: 13
Id: 170
League: ETH
Rank: 40/144
Findings: 2
Award: $82.02
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Rolezn
Also found by: 0x1f8b, 0x52, 0x5rings, 0xNazgul, 0xSmartContract, 0xZaharina, 0xhunter, 0xzh, 8olidity, Amithuddar, Aymen0909, B2, Bnke0x0, Chom, Deivitto, Diana, Diraco, Dravee, Franfran, JC, Jeiwan, Josiah, JrNet, Jujic, KingNFT, KoKo, Lambda, Margaret, Migue, Ocean_Sky, PaludoX0, Picodes, Rahoz, RaoulSchaffranek, RaymondFam, RedOneN, ReyAdmirado, Shinchan, Tagir2003, Trust, Waze, Yiko, __141345__, a12jmx, adriro, ajtra, arcoun, aysha, ballx, bin2chen, bobirichman, brgltd, bulej93, catchup, catwhiskeys, caventa, cccz, cdahlheimer, ch0bu, chaduke, chrisdior4, cloudjunky, cryptostellar5, cryptphi, csanuragjain, cylzxje, d3e4, delfin454000, djxploit, durianSausage, erictee, fatherOfBlocks, francoHacker, gianganhnguyen, gogo, hansfriese, i_got_hacked, ignacio, imare, karanctf, kv, leosathya, louhk, lukris02, lyncurion, m_Rassska, malinariy, martin, mcwildy, mics, minhtrng, nicobevi, oyc_109, pashov, peanuts, pedr02b2, peiw, rbserver, ret2basic, rotcivegaf, rvierdiiev, ryshaw, sakman, sakshamguruji, saneryee, securerodd, seyni, sikorico, svskaushik, teawaterwire, tnevler, w0Lfrum
55.6726 USDC - $55.67
HolographOperator
L346 - A division is performed with an input value, so supply could be equal to zero. A require is needed so that a message describing the exception can be returned.
L158-188/254-269/278-294 - The resetOperator function is only a helper that makes the code easier to test, and the storage variables it touches are only set in the constructor, so they could all become immutable. Another option would be not to set them in the constructor and make them constant directly.
enforcer/PA1D.sol
L110 - The PA1DInterface interface is imported but never used; the import should be removed.
L205-210 - The function is called isOwner(), but it passes for both the owner and the admin, so the name is somewhat confusing: if the caller is the admin and isOwner returns true, the result is in some sense incorrect.
enforcer/HolographERC721.sol
L123 - The PA1DInterface contract is imported but never used; the import should be removed.
L524-570 - There is commented-out code that should be either used or removed; it adds no clarity and only creates confusion.
L373/378/391/395/460/473/486/491/624/628 - When a require reverts, it is important to include a message, because it helps the user understand why the call reverted.
enforcer/HolographERC20.sol
L114/116/119/124/125 - The ERC20Burnable, ERC20Metadata, ERC20Safer, HolographerInterface and HolographRegistryInterface contracts are imported but never used; the imports should be removed.
L328/332/339/343/354/358/371/375/430/434/455/484/488/502/507/536/541/582/586/606/610 - When a require reverts, it is important to include a message, because it helps the user understand why the call reverted.
L288-294 - Instead of doing an if/else with return true/return false, directly return the condition.
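The QA points above (immutable constructor-only variables, an ownership check whose name matches what it tests, returning the condition directly, and a zero-divisor guard with a revert message), shown together as an added example. This is not Holograph code: the contract, function and variable names and the revert string are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; all names are hypothetical, not Holograph code.
contract QaPatterns {
    // Assigned only in the constructor, so they can be immutable.
    address public immutable owner;
    address public immutable admin;

    constructor(address owner_, address admin_) {
        owner = owner_;
        admin = admin_;
    }

    // The name states what is checked, and the comparison is returned
    // directly instead of an if/else returning true/false.
    function isOwnerOrAdmin(address who) public view returns (bool) {
        return who == owner || who == admin;
    }

    // The divisor comes from the caller: reject zero with a reason string
    // rather than letting the division revert with a bare panic.
    function share(uint256 amount, uint256 supply) external pure returns (uint256) {
        require(supply != 0, "QA: supply is zero");
        return amount / supply;
    }
}
```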
🌟 Selected for report: oyc_109
Also found by: 0x040, 0x1f8b, 0x5rings, 0xNazgul, 0xSmartContract, 0xZaharina, 0xsam, 0xzh, 2997ms, Amithuddar, Aymen0909, B2, Bnke0x0, Deivitto, Diana, Dinesh11G, Franfran, JC, JrNet, Jujic, KingNFT, KoKo, Mathieu, Metatron, Mukund, Olivierdem, PaludoX0, Pheonix, Picodes, RaymondFam, RedOneN, ReyAdmirado, Rolezn, Saintcode_, Satyam_Sharma, Shinchan, Tagir2003, Tomio, Waze, Yiko, __141345__, adriro, ajtra, aysha, ballx, beardofginger, bobirichman, brgltd, bulej93, catchup, catwhiskeys, cdahlheimer, ch0bu, chaduke, chrisdior4, cryptostellar5, cylzxje, d3e4, delfin454000, dharma09, djxploit, durianSausage, emrekocak, erictee, exolorkistis, fatherOfBlocks, gianganhnguyen, gogo, halden, hxzy, i_got_hacked, iepathos, karanctf, leosathya, lucacez, lukris02, lyncurion, m_Rassska, martin, mcwildy, mics, nicobevi, peanuts, peiw, rbserver, ret2basic, rotcivegaf, ryshaw, sakman, sakshamguruji, saneryee, sikorico, skyle, svskaushik, tnevler, vv7, w0Lfrum, zishansami
26.3525 USDC - $26.35
HolographBridge
L148/163/203/214/224/233/255/270/352 - Instead of a require, an if with a custom error can be used, which costs less gas.
L204/256/353 - It is less expensive to validate address(_factory()) == holographableContract than to query another contract during validation. Therefore, it is less expensive to put the second validation first in the require.
L218 - It is less expensive to validate that uint != 0 than to validate uint > 0.
L380 - When a variable is initialized to its default value, the assignment is not necessary, since the variable has that value by default.
L382/383 - Instead of creating a uint256 hlgFee variable, you can directly destruct the "fee" variable.
HolographFactory
L145 - Instead of requesting bytes as input, two addresses could be directly requested as inputs, in order to simplify the parameter request.
L144/220/228/250 - Instead of a require, an if with a custom error can be used, which costs less gas.
enforcer/Holographer.sol
abstract/ERC721H.sol
abstract/ERC20H.sol
HolographOperator
L309/350/363/398/1126 - It is less expensive to validate that uint != 0 than to validate uint > 0.
L310/311/781 - When a variable is initialized to its default value, the assignment is not necessary, since the variable has that value by default.
L241/309/350/354/368/415/446/485/591/595/739/756/829/839/857/863/881/889/903/911/915/932 - Instead of a require, an if with a custom error can be used, which costs less gas.
L337/359/520/729/740/781/782/794/795/862/871/881/882/883 - It is less expensive to use ++i or --i than i++, i-- or i - 1.
L316/320/363/391/408/640/645/867/871/881/883 - When a storage variable or a struct variable is used more than once, it is less expensive to create a variable in memory and use that variable.
module/LayerZeroModule.sol
enforcer/PA1D.sol
L159/174/190/390/411/416/435/439/460/472/477 - Instead of a require, an if with a custom error can be used, which costs less gas.
L307/323/340/356/394/414/437/454/474 - It is less expensive to use ++i or --i than i++, i-- or i - 1.
L307/323/340/356/394/414/437/454/474 - When a variable is initialized to its default value, the assignment is not necessary, since the variable has that value by default.
L432/437/454/472/474 - When a storage variable or a struct variable is used more than once, it is less expensive to create a variable in memory and use that variable.
L390/391 - Once a subtraction has been validated to be > 1000, we know that it will not underflow, so the operation in L391 can be unchecked.
enforcer/HolographERC721.sol
L212/224/239/258/263/323/370/371/373/378/388/391/395/404/408/419/420/421/458/460/464/473/484/486/491/513/622/624/628/639/689/700/729/757/759/762/767/815/816/817/818/869/570/906 - Instead of a require, an if with a custom error can be used, which costs less gas.
L357/716 - It is less expensive to use ++i or --i than i++, i-- or i - 1.
L357/716 - When a variable is initialized to its default value, the assignment is not necessary, since the variable has that value by default.
L815 - It is less expensive to validate that uint != 0 than to validate uint > 0.
L894/895 - It is not necessary to assign a value when declaring a variable if that value is the default, since the variable already has that value when it is created.
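The recurring gas patterns in this report (custom errors instead of require, the cheap local check before the external call, the zero test, default-initialised counters with ++i, a cached storage read, and an unchecked subtraction after a bound check), combined in one added example. This is not Holograph code: the interface, contract, errors, functions and the 9000/10000 bounds are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; every name and constant is hypothetical, not Holograph code.
interface IRegistry {
    function isRegistered(address target) external view returns (bool);
}

contract GasPatterns {
    error NotFactory();
    error NotRegistered();
    error ZeroAmount();
    error FeeTooHigh();

    address public factory;
    IRegistry public registry;
    uint256[] public fees;

    constructor(address factory_, IRegistry registry_) {
        factory = factory_;
        registry = registry_;
    }

    // Cheap local comparison first; the external call runs only if it passes.
    function checkTarget(address target) external view {
        if (target != factory) revert NotFactory();
        if (!registry.isRegistered(target)) revert NotRegistered();
    }

    // Custom error instead of require, and a zero test instead of "> 0".
    function addFee(uint256 fee) external {
        if (fee == 0) revert ZeroAmount();
        fees.push(fee);
    }

    // Storage length read once, counter left at its default, pre-increment.
    function total() external view returns (uint256 sum) {
        uint256 len = fees.length;
        for (uint256 i; i < len; ++i) sum += fees[i];
    }

    // The bound check proves 10000 - fee cannot underflow, so the
    // subtraction can sit in an unchecked block.
    function remainder(uint256 fee) external pure returns (uint256 left) {
        if (fee > 9000) revert FeeTooHigh();
        unchecked { left = 10000 - fee; }
    }
}
```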
enforcer/HolographERC20.sol