Issues: code-423n4/2022-10-holograph-findings

Issues list

MEV: Operator can bribe miner and steal honest operator's bond amount if gas price went high
Labels: 3 (High Risk), bug, responded, selected for report, sponsor confirmed
#473 opened Oct 25, 2022 by code423n4
LayerZeroModule miscalculates gas, risking loss of assets
Labels: 3 (High Risk), bug, resolved, responded, selected for report, sponsor confirmed
#445 opened Oct 25, 2022 by code423n4
An attacker can lock operator out of the pod by setting gas limit that's higher than the block gas limit of dest chain
Labels: 3 (High Risk), bug, duplicate, responded, selected for report, sponsor confirmed
#414 opened Oct 25, 2022 by code423n4
If user sets a low gasPrice the operator would have to choose between being locked out of the pod or executing the job anyway
Labels: 3 (High Risk), bug, resolved, responded, selected for report, sponsor confirmed
#364 opened Oct 25, 2022 by code423n4
Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
Labels: 3 (High Risk), bug, disagree with severity, primary issue, resolved, responded, selected for report, sponsor confirmed
#176 opened Oct 24, 2022 by code423n4
An attacker can manipulate each pod and gain an advantage over the remainder Operators
Labels: 3 (High Risk), bug, primary issue, responded, selected for report, sponsor confirmed
#168 opened Oct 24, 2022 by code423n4
Failed job can't be recovered. NFT may be lost.
Labels: 3 (High Risk), bug, edited-by-warden, resolved, responded, selected for report, sponsor confirmed
#102 opened Oct 22, 2022 by code423n4
Gas price spikes cause the selected operator to be vulnerable to frontrunning and be slashed
Labels: 3 (High Risk), bug, edited-by-warden, responded, selected for report, sponsor confirmed
#44 opened Oct 20, 2022 by code423n4