Feature/HOLO-604: implementing critical issue fixes #84

ACC01ADE · 2022-11-12T03:35:15Z

Describe Changes

Covers all code4rena audit critical issue (except for 473.

Re-wrote gas prices and limits to be chain specific
Fixed issue in HolographERC721 enforcer for re-minting burned NFT
Updated tests to work with updated code

Code4rena related audit issues:

Adversary can cause malicious slashing of operators by creating malicous token and setting gas limit above chain block gas limit code-423n4/2022-10-holograph-findings#505
Reentrancy can increase allowance can be used to take more funds than expected code-423n4/2022-10-holograph-findings#497
LayerZeroModule miscalculates gas, risking loss of assets code-423n4/2022-10-holograph-findings#445
If user sets a low gasPrice the operator would have to choose between being locked out of the pod or executing the job anyway code-423n4/2022-10-holograph-findings#364
Recursive call attack of the fallback function of Holographer code-423n4/2022-10-holograph-findings#353
deployHolographableContract() uniqueness code-423n4/2022-10-holograph-findings#339
Users could accidentally burn() and lose fund code-423n4/2022-10-holograph-findings#331
Optimistic bridging pattern, can lead to bridge exploitation code-423n4/2022-10-holograph-findings#297
Users can avoid paying gas fees code-423n4/2022-10-holograph-findings#294
Source contract can steal NFTs from users code-423n4/2022-10-holograph-findings#290
Accrued royalty share of a payout address can be stolen via payouts re-configuration code-423n4/2022-10-holograph-findings#288
Lack of check of chainType for DeployHolographableContract code-423n4/2022-10-holograph-findings#261
Most funtions are open for being called before initialization code-423n4/2022-10-holograph-findings#247
Attacker can block LayerZero channel code-423n4/2022-10-holograph-findings#244
Modifying utilitytoken would result in loss of user assets code-423n4/2022-10-holograph-findings#241
The function revertedBridgeOutRequest not always revert code-423n4/2022-10-holograph-findings#223
_chain() function it's broken code-423n4/2022-10-holograph-findings#218
Non-synchoronzied setters for HolographFactory code-423n4/2022-10-holograph-findings#183
Replay attack for deployHolographableContract() code-423n4/2022-10-holograph-findings#178
It's possible to mint more then type(uint256).max ERC20 tokens code-423n4/2022-10-holograph-findings#177
Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally code-423n4/2022-10-holograph-findings#176
HolographFactory.sol cross-chain deployment is vulnerable to front-running: User control address a in chain A does not mean user control address a in chain B if the address is not a EOA account code-423n4/2022-10-holograph-findings#171

Checklist before requesting a review

I have performed a self-review of my code
Code styles have been enforced
All Hardhat tests are passing

contracts/HolographOperator.sol

alexanderattar

Nice!

deploy/07_layer_zero_module.ts

* Improvement/ HOLO 595 Enforce prettier / lint run on protocol (#81) * prettier and eslint setup to run action * fixed command on prettier action * fixed command on prettier action and package.json * fixed command on prettier action * Remove unknown prettier options * husky prepush check for linting and prettier * added husky prepare on package.json * fixed husky prepare on package.json * fixed husky pre-push Co-authored-by: Alexander <alexanderattar@gmail.com> * Add solhint config and fix prettier config (#83) * Feature/HOLO-604: implementing critical issue fixes (#84) * fixing critical issues * implemented suggestions * Featuer/HOLO-605: C4 medium risk fixes (#88) * init * fixes * enforcing msgSender on all source contract calls * fixing typo * fixing tests * test fixes and prettier * royatlies patch * removing unused library * Feature/adding generic contract type (#85) * fixing critical issues * adding generic contract type * implemented suggestions * merging latest from experimental branch * adding withdraw andmsgSender protection * adding withdraw andmsgSender protection * prettier * fixing typo * assembly memory fix * combined generic contract pr * deployments * deployments * adding support for `asciihex` compiler function * adding comments and fixing missed check * Feature/holo 613 rename pa1d to royalty (#90) * name change * Quick minor updates * Update reverts to use new ROYALTIES format * fix to test Co-authored-by: Vitto <admin@vitto.io> * royalties hotfix (#91) * royalties change * develop env deployments of royalties hotfix * Feature/holo 612 royalty smart contract improvements (#93) * First pass at royalty contract improvements * Second pass on royalty improvements from C4 audit * Remove broken check * Minor check and comments added * Remove check for greater than 10000 tokens for ERC20s in royalties * Add usage notes for payout functions * Add logic to allow setting a slot to use either transfer or call * Add handling for code-423n4/2022-10-holograph-findings#456 * Fix tests by passing proper init code * Add dev note on _callOptionalReturn * Limit payout addresses to 10 * Add test for max addresses * Improvement/holo 614 royalties smart contracts tests (#86) * royalties distribution * removed comments Co-authored-by: Alexander <alexanderattar@gmail.com> * cleanup * check send amount on ethPayouts Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: Vitto <admin@vitto.io> * Feature/HOLO-642: Implement Super Cold Storage logic into protocol (#92) * clean * implementing the super-cold-storage-signer * cleanup * Latest deployments 20221206 * Add external deployments back * Roll back to ff5b4ee due to incorrect deployment process on experimental env * Add latest deployments 20221206 Wed Dec 7 03:08:37 UTC 2022 Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io>

* Merge experimental * Experimental to Develop 20221206 (#95) * Improvement/ HOLO 595 Enforce prettier / lint run on protocol (#81) * prettier and eslint setup to run action * fixed command on prettier action * fixed command on prettier action and package.json * fixed command on prettier action * Remove unknown prettier options * husky prepush check for linting and prettier * added husky prepare on package.json * fixed husky prepare on package.json * fixed husky pre-push Co-authored-by: Alexander <alexanderattar@gmail.com> * Add solhint config and fix prettier config (#83) * Feature/HOLO-604: implementing critical issue fixes (#84) * fixing critical issues * implemented suggestions * Featuer/HOLO-605: C4 medium risk fixes (#88) * init * fixes * enforcing msgSender on all source contract calls * fixing typo * fixing tests * test fixes and prettier * royatlies patch * removing unused library * Feature/adding generic contract type (#85) * fixing critical issues * adding generic contract type * implemented suggestions * merging latest from experimental branch * adding withdraw andmsgSender protection * adding withdraw andmsgSender protection * prettier * fixing typo * assembly memory fix * combined generic contract pr * deployments * deployments * adding support for `asciihex` compiler function * adding comments and fixing missed check * Feature/holo 613 rename pa1d to royalty (#90) * name change * Quick minor updates * Update reverts to use new ROYALTIES format * fix to test Co-authored-by: Vitto <admin@vitto.io> * royalties hotfix (#91) * royalties change * develop env deployments of royalties hotfix * Feature/holo 612 royalty smart contract improvements (#93) * First pass at royalty contract improvements * Second pass on royalty improvements from C4 audit * Remove broken check * Minor check and comments added * Remove check for greater than 10000 tokens for ERC20s in royalties * Add usage notes for payout functions * Add logic to allow setting a slot to use either transfer or call * Add handling for code-423n4/2022-10-holograph-findings#456 * Fix tests by passing proper init code * Add dev note on _callOptionalReturn * Limit payout addresses to 10 * Add test for max addresses * Improvement/holo 614 royalties smart contracts tests (#86) * royalties distribution * removed comments Co-authored-by: Alexander <alexanderattar@gmail.com> * cleanup * check send amount on ethPayouts Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: Vitto <admin@vitto.io> * Feature/HOLO-642: Implement Super Cold Storage logic into protocol (#92) * clean * implementing the super-cold-storage-signer * cleanup * Latest deployments 20221206 * Add external deployments back * Roll back to ff5b4ee due to incorrect deployment process on experimental env * Add latest deployments 20221206 Wed Dec 7 03:08:37 UTC 2022 Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io> * Add latest develop deployments Wed Dec 7 17:57:20 UTC 2022 * Add latest develop deployments Wed Dec 7 17:57:20 UTC 2022 Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io>

* Release/develop to testnet 20221207 (#96) * Merge experimental * Experimental to Develop 20221206 (#95) * Improvement/ HOLO 595 Enforce prettier / lint run on protocol (#81) * prettier and eslint setup to run action * fixed command on prettier action * fixed command on prettier action and package.json * fixed command on prettier action * Remove unknown prettier options * husky prepush check for linting and prettier * added husky prepare on package.json * fixed husky prepare on package.json * fixed husky pre-push Co-authored-by: Alexander <alexanderattar@gmail.com> * Add solhint config and fix prettier config (#83) * Feature/HOLO-604: implementing critical issue fixes (#84) * fixing critical issues * implemented suggestions * Featuer/HOLO-605: C4 medium risk fixes (#88) * init * fixes * enforcing msgSender on all source contract calls * fixing typo * fixing tests * test fixes and prettier * royatlies patch * removing unused library * Feature/adding generic contract type (#85) * fixing critical issues * adding generic contract type * implemented suggestions * merging latest from experimental branch * adding withdraw andmsgSender protection * adding withdraw andmsgSender protection * prettier * fixing typo * assembly memory fix * combined generic contract pr * deployments * deployments * adding support for `asciihex` compiler function * adding comments and fixing missed check * Feature/holo 613 rename pa1d to royalty (#90) * name change * Quick minor updates * Update reverts to use new ROYALTIES format * fix to test Co-authored-by: Vitto <admin@vitto.io> * royalties hotfix (#91) * royalties change * develop env deployments of royalties hotfix * Feature/holo 612 royalty smart contract improvements (#93) * First pass at royalty contract improvements * Second pass on royalty improvements from C4 audit * Remove broken check * Minor check and comments added * Remove check for greater than 10000 tokens for ERC20s in royalties * Add usage notes for payout functions * Add logic to allow setting a slot to use either transfer or call * Add handling for code-423n4/2022-10-holograph-findings#456 * Fix tests by passing proper init code * Add dev note on _callOptionalReturn * Limit payout addresses to 10 * Add test for max addresses * Improvement/holo 614 royalties smart contracts tests (#86) * royalties distribution * removed comments Co-authored-by: Alexander <alexanderattar@gmail.com> * cleanup * check send amount on ethPayouts Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: Vitto <admin@vitto.io> * Feature/HOLO-642: Implement Super Cold Storage logic into protocol (#92) * clean * implementing the super-cold-storage-signer * cleanup * Latest deployments 20221206 * Add external deployments back * Roll back to ff5b4ee due to incorrect deployment process on experimental env * Add latest deployments 20221206 Wed Dec 7 03:08:37 UTC 2022 Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io> * Add latest develop deployments Wed Dec 7 17:57:20 UTC 2022 * Add latest develop deployments Wed Dec 7 17:57:20 UTC 2022 Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io> * Add latest testnet deployments and abis (#97) * Add latest testnet deployments and abis * Update deployment salt history file for clarity * local changes * updates * fixes * clearer check for false * fixing nonce issue * multisig transfer * mainnet upgrade test * switching to networks npm package for multisig reference * cleanup on aisle 9 * fixed nonce bug for tests and adding recoverJob tests * nonce fix * test gas limit adjustment * adding details to bad gas for test Co-authored-by: Alexander <alexanderattar@users.noreply.github.com> Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com>

* Improvement/ HOLO 595 Enforce prettier / lint run on protocol (#81) * prettier and eslint setup to run action * fixed command on prettier action * fixed command on prettier action and package.json * fixed command on prettier action * Remove unknown prettier options * husky prepush check for linting and prettier * added husky prepare on package.json * fixed husky prepare on package.json * fixed husky pre-push Co-authored-by: Alexander <alexanderattar@gmail.com> * Add solhint config and fix prettier config (#83) * Feature/HOLO-604: implementing critical issue fixes (#84) * fixing critical issues * implemented suggestions * Featuer/HOLO-605: C4 medium risk fixes (#88) * init * fixes * enforcing msgSender on all source contract calls * fixing typo * fixing tests * test fixes and prettier * royatlies patch * removing unused library * Feature/adding generic contract type (#85) * fixing critical issues * adding generic contract type * implemented suggestions * merging latest from experimental branch * adding withdraw andmsgSender protection * adding withdraw andmsgSender protection * prettier * fixing typo * assembly memory fix * combined generic contract pr * deployments * deployments * adding support for `asciihex` compiler function * adding comments and fixing missed check * Feature/holo 613 rename pa1d to royalty (#90) * name change * Quick minor updates * Update reverts to use new ROYALTIES format * fix to test Co-authored-by: Vitto <admin@vitto.io> * royalties hotfix (#91) * royalties change * develop env deployments of royalties hotfix * Feature/holo 612 royalty smart contract improvements (#93) * First pass at royalty contract improvements * Second pass on royalty improvements from C4 audit * Remove broken check * Minor check and comments added * Remove check for greater than 10000 tokens for ERC20s in royalties * Add usage notes for payout functions * Add logic to allow setting a slot to use either transfer or call * Add handling for code-423n4/2022-10-holograph-findings#456 * Fix tests by passing proper init code * Add dev note on _callOptionalReturn * Limit payout addresses to 10 * Add test for max addresses * Improvement/holo 614 royalties smart contracts tests (#86) * royalties distribution * removed comments Co-authored-by: Alexander <alexanderattar@gmail.com> * cleanup * check send amount on ethPayouts Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: Vitto <admin@vitto.io> * Feature/HOLO-642: Implement Super Cold Storage logic into protocol (#92) * clean * implementing the super-cold-storage-signer * cleanup * Latest deployments 20221206 * Add external deployments back * Roll back to ff5b4ee due to incorrect deployment process on experimental env * Add latest deployments 20221206 Wed Dec 7 03:08:37 UTC 2022 * Merge develop * HOLO-678: Deployment patches (#98) * Release/develop to testnet 20221207 (#96) * Merge experimental * Experimental to Develop 20221206 (#95) * Improvement/ HOLO 595 Enforce prettier / lint run on protocol (#81) * prettier and eslint setup to run action * fixed command on prettier action * fixed command on prettier action and package.json * fixed command on prettier action * Remove unknown prettier options * husky prepush check for linting and prettier * added husky prepare on package.json * fixed husky prepare on package.json * fixed husky pre-push Co-authored-by: Alexander <alexanderattar@gmail.com> * Add solhint config and fix prettier config (#83) * Feature/HOLO-604: implementing critical issue fixes (#84) * fixing critical issues * implemented suggestions * Featuer/HOLO-605: C4 medium risk fixes (#88) * init * fixes * enforcing msgSender on all source contract calls * fixing typo * fixing tests * test fixes and prettier * royatlies patch * removing unused library * Feature/adding generic contract type (#85) * fixing critical issues * adding generic contract type * implemented suggestions * merging latest from experimental branch * adding withdraw andmsgSender protection * adding withdraw andmsgSender protection * prettier * fixing typo * assembly memory fix * combined generic contract pr * deployments * deployments * adding support for `asciihex` compiler function * adding comments and fixing missed check * Feature/holo 613 rename pa1d to royalty (#90) * name change * Quick minor updates * Update reverts to use new ROYALTIES format * fix to test Co-authored-by: Vitto <admin@vitto.io> * royalties hotfix (#91) * royalties change * develop env deployments of royalties hotfix * Feature/holo 612 royalty smart contract improvements (#93) * First pass at royalty contract improvements * Second pass on royalty improvements from C4 audit * Remove broken check * Minor check and comments added * Remove check for greater than 10000 tokens for ERC20s in royalties * Add usage notes for payout functions * Add logic to allow setting a slot to use either transfer or call * Add handling for code-423n4/2022-10-holograph-findings#456 * Fix tests by passing proper init code * Add dev note on _callOptionalReturn * Limit payout addresses to 10 * Add test for max addresses * Improvement/holo 614 royalties smart contracts tests (#86) * royalties distribution * removed comments Co-authored-by: Alexander <alexanderattar@gmail.com> * cleanup * check send amount on ethPayouts Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: Vitto <admin@vitto.io> * Feature/HOLO-642: Implement Super Cold Storage logic into protocol (#92) * clean * implementing the super-cold-storage-signer * cleanup * Latest deployments 20221206 * Add external deployments back * Roll back to ff5b4ee due to incorrect deployment process on experimental env * Add latest deployments 20221206 Wed Dec 7 03:08:37 UTC 2022 Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io> * Add latest develop deployments Wed Dec 7 17:57:20 UTC 2022 * Add latest develop deployments Wed Dec 7 17:57:20 UTC 2022 Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io> * Add latest testnet deployments and abis (#97) * Add latest testnet deployments and abis * Update deployment salt history file for clarity * local changes * updates * fixes * clearer check for false * fixing nonce issue * multisig transfer * mainnet upgrade test * switching to networks npm package for multisig reference * cleanup on aisle 9 * fixed nonce bug for tests and adding recoverJob tests * nonce fix * test gas limit adjustment * adding details to bad gas for test Co-authored-by: Alexander <alexanderattar@users.noreply.github.com> Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> * Add code4rena audit report (#100) Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io>

* Merge experimental * Experimental to Develop 20221206 (#95) * Improvement/ HOLO 595 Enforce prettier / lint run on protocol (#81) * prettier and eslint setup to run action * fixed command on prettier action * fixed command on prettier action and package.json * fixed command on prettier action * Remove unknown prettier options * husky prepush check for linting and prettier * added husky prepare on package.json * fixed husky prepare on package.json * fixed husky pre-push Co-authored-by: Alexander <alexanderattar@gmail.com> * Add solhint config and fix prettier config (#83) * Feature/HOLO-604: implementing critical issue fixes (#84) * fixing critical issues * implemented suggestions * Featuer/HOLO-605: C4 medium risk fixes (#88) * init * fixes * enforcing msgSender on all source contract calls * fixing typo * fixing tests * test fixes and prettier * royatlies patch * removing unused library * Feature/adding generic contract type (#85) * fixing critical issues * adding generic contract type * implemented suggestions * merging latest from experimental branch * adding withdraw andmsgSender protection * adding withdraw andmsgSender protection * prettier * fixing typo * assembly memory fix * combined generic contract pr * deployments * deployments * adding support for `asciihex` compiler function * adding comments and fixing missed check * Feature/holo 613 rename pa1d to royalty (#90) * name change * Quick minor updates * Update reverts to use new ROYALTIES format * fix to test Co-authored-by: Vitto <admin@vitto.io> * royalties hotfix (#91) * royalties change * develop env deployments of royalties hotfix * Feature/holo 612 royalty smart contract improvements (#93) * First pass at royalty contract improvements * Second pass on royalty improvements from C4 audit * Remove broken check * Minor check and comments added * Remove check for greater than 10000 tokens for ERC20s in royalties * Add usage notes for payout functions * Add logic to allow setting a slot to use either transfer or call * Add handling for code-423n4/2022-10-holograph-findings#456 * Fix tests by passing proper init code * Add dev note on _callOptionalReturn * Limit payout addresses to 10 * Add test for max addresses * Improvement/holo 614 royalties smart contracts tests (#86) * royalties distribution * removed comments Co-authored-by: Alexander <alexanderattar@gmail.com> * cleanup * check send amount on ethPayouts Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: Vitto <admin@vitto.io> * Feature/HOLO-642: Implement Super Cold Storage logic into protocol (#92) * clean * implementing the super-cold-storage-signer * cleanup * Latest deployments 20221206 * Add external deployments back * Roll back to ff5b4ee due to incorrect deployment process on experimental env * Add latest deployments 20221206 Wed Dec 7 03:08:37 UTC 2022 Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io> * Add latest develop deployments Wed Dec 7 17:57:20 UTC 2022 * Merge testnet to develop 20221208 * Experimental to develop (#101) * Improvement/ HOLO 595 Enforce prettier / lint run on protocol (#81) * prettier and eslint setup to run action * fixed command on prettier action * fixed command on prettier action and package.json * fixed command on prettier action * Remove unknown prettier options * husky prepush check for linting and prettier * added husky prepare on package.json * fixed husky prepare on package.json * fixed husky pre-push Co-authored-by: Alexander <alexanderattar@gmail.com> * Add solhint config and fix prettier config (#83) * Feature/HOLO-604: implementing critical issue fixes (#84) * fixing critical issues * implemented suggestions * Featuer/HOLO-605: C4 medium risk fixes (#88) * init * fixes * enforcing msgSender on all source contract calls * fixing typo * fixing tests * test fixes and prettier * royatlies patch * removing unused library * Feature/adding generic contract type (#85) * fixing critical issues * adding generic contract type * implemented suggestions * merging latest from experimental branch * adding withdraw andmsgSender protection * adding withdraw andmsgSender protection * prettier * fixing typo * assembly memory fix * combined generic contract pr * deployments * deployments * adding support for `asciihex` compiler function * adding comments and fixing missed check * Feature/holo 613 rename pa1d to royalty (#90) * name change * Quick minor updates * Update reverts to use new ROYALTIES format * fix to test Co-authored-by: Vitto <admin@vitto.io> * royalties hotfix (#91) * royalties change * develop env deployments of royalties hotfix * Feature/holo 612 royalty smart contract improvements (#93) * First pass at royalty contract improvements * Second pass on royalty improvements from C4 audit * Remove broken check * Minor check and comments added * Remove check for greater than 10000 tokens for ERC20s in royalties * Add usage notes for payout functions * Add logic to allow setting a slot to use either transfer or call * Add handling for code-423n4/2022-10-holograph-findings#456 * Fix tests by passing proper init code * Add dev note on _callOptionalReturn * Limit payout addresses to 10 * Add test for max addresses * Improvement/holo 614 royalties smart contracts tests (#86) * royalties distribution * removed comments Co-authored-by: Alexander <alexanderattar@gmail.com> * cleanup * check send amount on ethPayouts Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: Vitto <admin@vitto.io> * Feature/HOLO-642: Implement Super Cold Storage logic into protocol (#92) * clean * implementing the super-cold-storage-signer * cleanup * Latest deployments 20221206 * Add external deployments back * Roll back to ff5b4ee due to incorrect deployment process on experimental env * Add latest deployments 20221206 Wed Dec 7 03:08:37 UTC 2022 * Merge develop * HOLO-678: Deployment patches (#98) * Release/develop to testnet 20221207 (#96) * Merge experimental * Experimental to Develop 20221206 (#95) * Improvement/ HOLO 595 Enforce prettier / lint run on protocol (#81) * prettier and eslint setup to run action * fixed command on prettier action * fixed command on prettier action and package.json * fixed command on prettier action * Remove unknown prettier options * husky prepush check for linting and prettier * added husky prepare on package.json * fixed husky prepare on package.json * fixed husky pre-push Co-authored-by: Alexander <alexanderattar@gmail.com> * Add solhint config and fix prettier config (#83) * Feature/HOLO-604: implementing critical issue fixes (#84) * fixing critical issues * implemented suggestions * Featuer/HOLO-605: C4 medium risk fixes (#88) * init * fixes * enforcing msgSender on all source contract calls * fixing typo * fixing tests * test fixes and prettier * royatlies patch * removing unused library * Feature/adding generic contract type (#85) * fixing critical issues * adding generic contract type * implemented suggestions * merging latest from experimental branch * adding withdraw andmsgSender protection * adding withdraw andmsgSender protection * prettier * fixing typo * assembly memory fix * combined generic contract pr * deployments * deployments * adding support for `asciihex` compiler function * adding comments and fixing missed check * Feature/holo 613 rename pa1d to royalty (#90) * name change * Quick minor updates * Update reverts to use new ROYALTIES format * fix to test Co-authored-by: Vitto <admin@vitto.io> * royalties hotfix (#91) * royalties change * develop env deployments of royalties hotfix * Feature/holo 612 royalty smart contract improvements (#93) * First pass at royalty contract improvements * Second pass on royalty improvements from C4 audit * Remove broken check * Minor check and comments added * Remove check for greater than 10000 tokens for ERC20s in royalties * Add usage notes for payout functions * Add logic to allow setting a slot to use either transfer or call * Add handling for code-423n4/2022-10-holograph-findings#456 * Fix tests by passing proper init code * Add dev note on _callOptionalReturn * Limit payout addresses to 10 * Add test for max addresses * Improvement/holo 614 royalties smart contracts tests (#86) * royalties distribution * removed comments Co-authored-by: Alexander <alexanderattar@gmail.com> * cleanup * check send amount on ethPayouts Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: Vitto <admin@vitto.io> * Feature/HOLO-642: Implement Super Cold Storage logic into protocol (#92) * clean * implementing the super-cold-storage-signer * cleanup * Latest deployments 20221206 * Add external deployments back * Roll back to ff5b4ee due to incorrect deployment process on experimental env * Add latest deployments 20221206 Wed Dec 7 03:08:37 UTC 2022 Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io> * Add latest develop deployments Wed Dec 7 17:57:20 UTC 2022 * Add latest develop deployments Wed Dec 7 17:57:20 UTC 2022 Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io> * Add latest testnet deployments and abis (#97) * Add latest testnet deployments and abis * Update deployment salt history file for clarity * local changes * updates * fixes * clearer check for false * fixing nonce issue * multisig transfer * mainnet upgrade test * switching to networks npm package for multisig reference * cleanup on aisle 9 * fixed nonce bug for tests and adding recoverJob tests * nonce fix * test gas limit adjustment * adding details to bad gas for test Co-authored-by: Alexander <alexanderattar@users.noreply.github.com> Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> * Add code4rena audit report (#100) Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io> Co-authored-by: Natalie Bravo <natalie.bravo@outlook.com> Co-authored-by: ACC01ADE <admin@vitto.io>

fixing critical issues

6c4c3c6

ACC01ADE requested review from sogoiii and alexanderattar November 12, 2022 03:35

Merge branch 'experimental' into feature/HOLO-604-high-risk-c4-fixes

2d5f00f

alexanderattar reviewed Nov 13, 2022

View reviewed changes

contracts/HolographOperator.sol Outdated Show resolved Hide resolved

alexanderattar approved these changes Nov 14, 2022

View reviewed changes

deploy/07_layer_zero_module.ts Outdated Show resolved Hide resolved

implemented suggestions

c4e78a6

ACC01ADE requested a review from alexanderattar November 14, 2022 19:07

ACC01ADE merged commit 1d0bfe4 into experimental Nov 14, 2022

ACC01ADE deleted the feature/HOLO-604-high-risk-c4-fixes branch November 14, 2022 21:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature/HOLO-604: implementing critical issue fixes #84

Feature/HOLO-604: implementing critical issue fixes #84

ACC01ADE commented Nov 12, 2022 •

edited

Loading

alexanderattar left a comment

Feature/HOLO-604: implementing critical issue fixes #84

Feature/HOLO-604: implementing critical issue fixes #84

Conversation

ACC01ADE commented Nov 12, 2022 • edited Loading

Describe Changes

Checklist before requesting a review

alexanderattar left a comment

Choose a reason for hiding this comment

ACC01ADE commented Nov 12, 2022 •

edited

Loading