Holograph contest - sakman's results

Omnichain protocol for deploying, minting, & bridging NFTs between blockchains.

General Information

Platform: Code4rena

Start Date: 18/10/2022

Pot Size: $75,000 USDC

Total HM: 27

Participants: 144

Period: 7 days

Judge: gzeon

Total Solo HM: 13

Id: 170

League: ETH

Holograph


Researcher Performance

Rank: 88/144

Findings: 2

Award: $26.35

QA: grade-c

Gas: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

1. Event is missing indexed fields

contracts/enforcer/PA1D.sol: L153

2. Use e18 notation instead of **18

contracts/HolographOperator.sol: L256

3. Unused import

contracts/enforcer/HolographERC721.sol: L123

contracts/enforcer/PA1D.sol: L110

contracts/enforcer/HolographERC20.sol: L114 L116 L119 L125

4. Events not emitted

contracts/enforcer/HolographERC20.sol: L218

contracts/HolographOperator.sol: L240 L278

5. Do not leave the receive/fallback function empty

contracts/abstract/ERC20H.sol: L212

contracts/enforcer/HolographERC721.sol: L962

contracts/abstract/ERC721H.sol: L212

contracts/enforcer/Holographer.sol: L223

contracts/enforcer/HolographERC20.sol: L251

contracts/HolographOperator.sol: L1209

6. Returning named return variables is redundant

contracts/enforcer/PA1D.sol: L665-L674

1. Prefix increment and decrement cost around 6 gas less than the postfix forms

e.g. ++var is cheaper than var++

contracts/enforcer/HolographERC721.sol: L357 L716

contracts/HolographOperator.sol: L520 L760 L781

contracts/enforcer/PA1D.sol: L307 L340 L414 L432 L437 L454 L474

contracts/enforcer/HolographERC20.sol: L564

2. Custom errors are cheaper than string messages

contracts/HolographBridge.sol: L148 L163 L203-L206 L214 L224-L228 L270 L352-L355

contracts/abstract/ERC721H.sol: L117 L123 L125

contracts/HolographFactory.sol: L144 L220 L250-L255

contracts/enforcer/HolographERC20.sol: L192 L204 L349 L365 L387 L400 L445 L469 L482 L529 L539 L599 L620 L621 L627 L645 L653 L661 L684 L696 L698

contracts/enforcer/Holographer.sol: L148 L166

contracts/enforcer/PA1D.sol: L159 L174 L190 L411 L416 L435 L472 L477

contracts/HolographOperator.sol: L350 L354 L415 L595 L728 L739 L756 L829 L839 L857 L863 L881 L889 L903 L911 L915

contracts/enforcer/HolographERC721.sol: L212 L258 L263 L323 L370 L371 L404 L408 L420 L421 L458 L464-L470 L484 L513 L622 L639 L700 L764 L816 L817 L818 L869 L870

contracts/abstract/ERC20H.sol: L117 L125 L147

3. Use constant and immutable for constants

contracts/enforcer/HolographERC721.sol: L762 L767 L769

contracts/enforcer/HolographERC20.sol: L151 L171 L181

4. Use x < y + 1 instead of x <= y

contracts/HolographOperator.sol: L354 L386 L728 L739 L756 L871

contracts/enforcer/HolographERC20.sol: L349 L400 L450 L469 L529 L599 L629

5. Cache storage variables in function call stack to save gas

contracts/HolographOperator.sol: L495-L524 L363-L408 L503-L517 L867-L883

6. Place i++ in an unchecked block in for-loops

contracts/enforcer/HolographERC20.sol: L564

contracts/enforcer/PA1D.sol: L307 L323 L340 L394 L414 L432 L474

contracts/enforcer/HolographERC721.sol: L357 L716

contracts/HolographOperator.sol: L781 L871

7. When comparing variables of type uint, use require(x != 0) instead of require(x > 0)

contracts/enforcer/HolographERC721.sol: L815

contracts/HolographOperator.sol: L350 L363 L1126

contracts/HolographBridge.sol: L218

8. Cache array.length outside of for loops

contracts/HolographOperator.sol: L871

9. Consider marking functions as payable if there is no risk of sending value through them

This change will save gas each time a function is called

contracts/enforcer/HolographERC20.sol: L380 L415

contracts/enforcer/HolographERC721.sol: L399

contracts/HolographOperator.sol: L445 L484 L949 L969 L989 L1009

contracts/abstract/ERC20H.sol: L123

contracts/abstract/ERC721H.sol: L123

contracts/HolographFactory.sol: L280 L300

contracts/HolographBridge.sol: L472 L502 L522

contracts/enforcer/PA1D.sol: L471

10. Calldata is cheaper than memory for function input

contracts/HolographFactory.sol: L143 L193 L194

contracts/enforcer/HolographERC20.sol: L499 L524 L641

contracts/enforcer/HolographERC721.sol: L238 L456 L620

contracts/HolographOperator.sol: L240

contracts/HolographBridge.sol: L162

contracts/abstract/ERC721H.sol: L140

contracts/abstract/ERC20H.sol: L140

contracts/enforcer/Holographer.sol: L147

contracts/enforcer/PA1D.sol: L185 L316 L349 L365 L372 L426 L517 L683

11. Explicitly assigning default values to variables is a waste of gas

Use uint256 i; instead of uint256 i = 0;

contracts/HolographBridge.sol: L380

contracts/enforcer/HolographERC20.sol: L564

contracts/enforcer/PA1D.sol: L323 L340 L394 L414 L432 L454 L474

contracts/HolographOperator.sol: L310 L311 L781

contracts/enforcer/HolographERC721.sol: L357 L716

12. Use multiple requires instead of a single one with &&

contracts/enforcer/Holographer.sol: L166

contracts/HolographOperator.sol: L857

contracts/enforcer/HolographERC721.sol: L263 L464-L470
