Contest: https://code4rena.com/contests/2022-10-holograph-contest
- H-01 Bridged messages may fail in the destination chain and be irrecoverable
- H-02 ETH payout in
PA1Dcontract could always fail if at least one receiver reverts - H-03 The function
revertedBridgeOutRequestmay not revert in all cases and have side effects
- M-01 Suspicious gas cost estimate in
_payoutEth()function ofPA1Dcontract - M-02 The function
getDeploymentBlock()in theHolographercontract returns an incorrect data type - M-03 Wrong parameter is sent in the
onERC721Receivedhook of theHolographERC721contract - M-04 Pseudorandomness could be abused to favor an operator
- M-05 Packed variables can be overlapped when packing a job to storage in the
HolographOperatorcontract - M-06 Unprotected
bridgeInanddeployHolographableContractinHolographFactoryare susceptible to replay attacks - M-07 Unclear usage of payable functions involved in the "bridge in" flow
- M-08 ERC20 and ERC721 base contracts have a non-reverting
receivefunction