Back to hxzy's contests

Holograph contest - hxzy's results

Omnichain protocol for deploying, minting, & bridging NFTs between blockchains.

General Information

Platform: Code4rena

Start Date: 18/10/2022

Pot Size: $75,000 USDC

Total HM: 27

Participants: 144

Period: 7 days

Judge: gzeon

Total Solo HM: 13

Id: 170

League: ETH

Holograph

Findings Distribution

Researcher Performance

Rank: 84/144

Findings: 1

Award: $26.35

Gas:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryHolograph

Findings Information

🌟 Selected for report: oyc_109

Also found by: 0x040, 0x1f8b, 0x5rings, 0xNazgul, 0xSmartContract, 0xZaharina, 0xsam, 0xzh, 2997ms, Amithuddar, Aymen0909, B2, Bnke0x0, Deivitto, Diana, Dinesh11G, Franfran, JC, JrNet, Jujic, KingNFT, KoKo, Mathieu, Metatron, Mukund, Olivierdem, PaludoX0, Pheonix, Picodes, RaymondFam, RedOneN, ReyAdmirado, Rolezn, Saintcode_, Satyam_Sharma, Shinchan, Tagir2003, Tomio, Waze, Yiko, __141345__, adriro, ajtra, aysha, ballx, beardofginger, bobirichman, brgltd, bulej93, catchup, catwhiskeys, cdahlheimer, ch0bu, chaduke, chrisdior4, cryptostellar5, cylzxje, d3e4, delfin454000, dharma09, djxploit, durianSausage, emrekocak, erictee, exolorkistis, fatherOfBlocks, gianganhnguyen, gogo, halden, hxzy, i_got_hacked, iepathos, karanctf, leosathya, lucacez, lukris02, lyncurion, m_Rassska, martin, mcwildy, mics, nicobevi, peanuts, peiw, rbserver, ret2basic, rotcivegaf, ryshaw, sakman, sakshamguruji, saneryee, sikorico, skyle, svskaushik, tnevler, vv7, w0Lfrum, zishansami

Awards

26.3525 USDC - $26.35

Labels

bug
G (Gas Optimization)
sponsor confirmed
responded
grade-b

External Links

Link to GitHub issue

  1. Unused code The following code is not used in the HolographTreasury contract:https://github.com/code-423n4/2022-10-holograph/blob/main/contracts/HolographTreasury.sol#L251-L273

  2. Functions should be declared external The admin and setAdmin functions in Admin contract should be declared external.

  3. Unused return The reversedBridgeOutRequest function in the HolographBridge contract does not process the return value when calling the bridgeOut function of the holographableContract contract. https://github.com/code-423n4/2022-10-holograph/blob/main/contracts/HolographBridge.sol#L305 The getBridgeOutRequestPayload function in the HolographBridge contract does not process the return value when calling its own reversedBridgeOutRequest function. https://github.com/code-423n4/2022-10-holograph/blob/main/contracts/HolographBridge.sol#L360

  4. Missing zero address check The zero address check for holograph and sourceContract is missing in the init function of the Holographer contract.

  5. Missing event trigger It is recommended to trigger the corresponding event when the resetOperator function in the HolographOperator contract modifies the parameters.

  6. The return value of the token transfer function is not checked The return value of the token transfer function is not checked in the executeJob function in the HolographOperator contract. https://github.com/code-423n4/2022-10-holograph/blob/main/contracts/HolographOperator.sol#L400

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter