Issues: code-423n4/2022-10-holograph-findings
MEV: Operator can bribe miner and steal honest operator's bond amount if gas price went high
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#473
opened Oct 25, 2022 by
code423n4
LayerZeroModule miscalculates gas, risking loss of assets
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#445
opened Oct 25, 2022 by
code423n4
An attacker can lock operator out of the pod by setting gas limit that's higher than the block gas limit of dest chain
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate
This issue or pull request already exists
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#414
opened Oct 25, 2022 by
code423n4
If user sets a low gasPrice the operator would have to choose between being locked out of the pod or executing the job anyway
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#364
opened Oct 25, 2022 by
code423n4
Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
primary issue
Highest quality submission among a set of duplicates
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#176
opened Oct 24, 2022 by
code423n4
An attacker can manipulate each pod and gain an advantage over the remainder Operators
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
primary issue
Highest quality submission among a set of duplicates
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#168
opened Oct 24, 2022 by
code423n4
Failed job can't be recovered. NFT may be lost.
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#102
opened Oct 22, 2022 by
code423n4
Gas price spikes cause the selected operator to be vulnerable to frontrunning and be slashed
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
responded
The Holograph team has reviewed and responded
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#44
opened Oct 20, 2022 by
code423n4