
@Picodes
Created October 18, 2022 20:15

c4udit Report

Files analyzed

  • ../2022-10-holograph/contracts/HolographBridge.sol
  • ../2022-10-holograph/contracts/HolographFactory.sol
  • ../2022-10-holograph/contracts/HolographOperator.sol
  • ../2022-10-holograph/contracts/abstract/ERC20H.sol
  • ../2022-10-holograph/contracts/abstract/ERC721H.sol
  • ../2022-10-holograph/contracts/enforcer/HolographERC20.sol
  • ../2022-10-holograph/contracts/enforcer/HolographERC721.sol
  • ../2022-10-holograph/contracts/enforcer/Holographer.sol
  • ../2022-10-holograph/contracts/enforcer/PA1D.sol
  • ../2022-10-holograph/contracts/module/LayerZeroModule.sol

Issues found

Don't Initialize Variables with Default Value

Impact

Issue Information: G001

Findings:

../2022-10-holograph/contracts/HolographBridge.sol::380 => uint256 fee = 0;
../2022-10-holograph/contracts/HolographOperator.sol::310 => uint256 gasLimit = 0;
../2022-10-holograph/contracts/HolographOperator.sol::311 => uint256 gasPrice = 0;
../2022-10-holograph/contracts/HolographOperator.sol::781 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::564 => for (uint256 i = 0; i < wallets.length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::357 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::531 => //     for (uint256 i = 0; i < tokenIds.length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::547 => //     for (uint256 i = 0; i < tokenIds.length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::564 => //     for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::716 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::307 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::323 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::340 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::356 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::394 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::414 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::432 => for (uint256 t = 0; t < tokenAddresses.length; t++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::437 => for (uint256 i = 0; i < addresses.length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::454 => for (uint256 i = 0; i < addresses.length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::474 => for (uint256 i = 0; i < addresses.length; i++) {

Tools used

c4udit

Cache Array Length Outside of Loop

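Impact

Gas optimization only. The rule matches the text `length`, so the list below includes comments, NatSpec lines, assembly operands and one-off reads that are not loop conditions. Only the `for` loops that read an array's `.length` in the loop condition (for example HolographERC20.sol::564 and PA1D.sol::432, 437, 454, 474) are candidates for caching.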

Issue Information: G002

Findings:

../2022-10-holograph/contracts/HolographOperator.sol::316 => gasLimit := calldataload(sub(add(bridgeInRequestPayload.offset, bridgeInRequestPayload.length), 0x40))
../2022-10-holograph/contracts/HolographOperator.sol::320 => gasPrice := calldataload(sub(add(bridgeInRequestPayload.offset, bridgeInRequestPayload.length), 0x20))
../2022-10-holograph/contracts/HolographOperator.sol::363 => if (podIndex > 0 && podIndex < _operatorPods[pod].length) {
../2022-10-holograph/contracts/HolographOperator.sol::391 => _operatorPodIndex[job.operator] = _operatorPods[pod].length - 1;
../2022-10-holograph/contracts/HolographOperator.sol::408 => _operatorPodIndex[job.operator] = _operatorPods[pod].length - 1;
../2022-10-holograph/contracts/HolographOperator.sol::451 => calldatacopy(0, payload.offset, sub(payload.length, 0x20))
../2022-10-holograph/contracts/HolographOperator.sol::461 => mload(sub(payload.length, 0x40)),
../2022-10-holograph/contracts/HolographOperator.sol::469 => sub(payload.length, 0x40),
../2022-10-holograph/contracts/HolographOperator.sol::503 => uint256 pod = random % _operatorPods.length;
../2022-10-holograph/contracts/HolographOperator.sol::507 => uint256 podSize = _operatorPods[pod].length;
../2022-10-holograph/contracts/HolographOperator.sol::551 => calldatacopy(0, bridgeInRequestPayload.offset, sub(bridgeInRequestPayload.length, 0x40))
../2022-10-holograph/contracts/HolographOperator.sol::556 => let result := call(gas(), sload(_bridgeSlot), callvalue(), 0, sub(bridgeInRequestPayload.length, 0x40), 0, 0)
../2022-10-holograph/contracts/HolographOperator.sol::718 => return _operatorPods.length;
../2022-10-holograph/contracts/HolographOperator.sol::728 => require(_operatorPods.length >= pod, "HOLOGRAPH: pod does not exist");
../2022-10-holograph/contracts/HolographOperator.sol::729 => return _operatorPods[pod - 1].length;
../2022-10-holograph/contracts/HolographOperator.sol::739 => require(_operatorPods.length >= pod, "HOLOGRAPH: pod does not exist");
../2022-10-holograph/contracts/HolographOperator.sol::745 => * @dev Use in conjunction with getPodOperatorsLength to know the total length of results
../2022-10-holograph/contracts/HolographOperator.sol::748 => * @param length the length of result set to be (will be shorter if reached end of array)
../2022-10-holograph/contracts/HolographOperator.sol::754 => uint256 length
../2022-10-holograph/contracts/HolographOperator.sol::756 => require(_operatorPods.length >= pod, "HOLOGRAPH: pod does not exist");
../2022-10-holograph/contracts/HolographOperator.sol::762 => * @dev get total length of pod operators
../2022-10-holograph/contracts/HolographOperator.sol::764 => uint256 supply = _operatorPods[pod].length;
../2022-10-holograph/contracts/HolographOperator.sol::766 => * @dev check if length is out of bounds for this result set
../2022-10-holograph/contracts/HolographOperator.sol::768 => if (index + length > supply) {
../2022-10-holograph/contracts/HolographOperator.sol::770 => * @dev adjust length to return remainder of the results
../2022-10-holograph/contracts/HolographOperator.sol::772 => length = supply - index;
../2022-10-holograph/contracts/HolographOperator.sol::777 => operators = new address[](length);
../2022-10-holograph/contracts/HolographOperator.sol::781 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/HolographOperator.sol::867 => if (_operatorPods.length < pod) {
../2022-10-holograph/contracts/HolographOperator.sol::871 => for (uint256 i = _operatorPods.length; i <= pod; i++) {
../2022-10-holograph/contracts/HolographOperator.sol::881 => require(_operatorPods[pod - 1].length < type(uint16).max, "HOLOGRAPH: too many operators");
../2022-10-holograph/contracts/HolographOperator.sol::883 => _operatorPodIndex[operator] = _operatorPods[pod - 1].length - 1;
../2022-10-holograph/contracts/HolographOperator.sol::1137 => uint256 lastIndex = _operatorPods[pod].length - 1;
../2022-10-holograph/contracts/HolographOperator.sol::1150 => * @dev shorten array length
../2022-10-holograph/contracts/HolographOperator.sol::1169 => if (pod >= _operatorPods.length) {
../2022-10-holograph/contracts/HolographOperator.sol::1173 => uint256 position = _operatorPods[pod].length;
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::564 => for (uint256 i = 0; i < wallets.length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::652 => if (reason.length == 0) {
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::664 => if (reason.length == 0) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::341 => * @notice Get set length list, starting from index, for tokens owned by wallet.
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::344 => * @param length The length of returned results.
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::345 => * @return tokenIds uint256[] Returns a set length array of token ids owned by wallet.
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::350 => uint256 length
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::353 => if (index + length > supply) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::354 => length = supply - index;
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::356 => tokenIds = new uint256[](length);
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::357 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::528 => //     require(tokenIds.length < 1000, "ERC721: max batch size is 1000");
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::531 => //     for (uint256 i = 0; i < tokenIds.length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::543 => //     require(wallets.length == tokenIds.length, "ERC721: array length missmatch");
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::544 => //     require(tokenIds.length < 1000, "ERC721: max batch size is 1000");
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::547 => //     for (uint256 i = 0; i < tokenIds.length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::560 => //     uint256 length
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::564 => //     for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::700 => require(index < _allTokens.length, "ERC721: index out of bounds");
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::705 => * @notice Get set length list, starting from index, for all tokens.
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::707 => * @param length The length of returned results.
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::708 => * @return tokenIds uint256[] Returns a set length array of token ids minted.
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::710 => function tokens(uint256 index, uint256 length) external view returns (uint256[] memory tokenIds) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::711 => uint256 supply = _allTokens.length;
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::712 => if (index + length > supply) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::713 => length = supply - index;
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::715 => tokenIds = new uint256[](length);
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::716 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::739 => return _allTokens.length;
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::781 => _allTokensIndex[tokenId] = _allTokens.length;
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::825 => uint256 lastTokenIndex = _allTokens.length - 1;
../2022-10-holograph/contracts/enforcer/PA1D.sol::301 => uint256 length;
../2022-10-holograph/contracts/enforcer/PA1D.sol::303 => length := sload(slot)
../2022-10-holograph/contracts/enforcer/PA1D.sol::305 => addresses = new address payable[](length);
../2022-10-holograph/contracts/enforcer/PA1D.sol::307 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::318 => uint256 length = addresses.length;
../2022-10-holograph/contracts/enforcer/PA1D.sol::320 => sstore(slot, length)
../2022-10-holograph/contracts/enforcer/PA1D.sol::323 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::334 => uint256 length;
../2022-10-holograph/contracts/enforcer/PA1D.sol::336 => length := sload(slot)
../2022-10-holograph/contracts/enforcer/PA1D.sol::338 => bps = new uint256[](length);
../2022-10-holograph/contracts/enforcer/PA1D.sol::340 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::351 => uint256 length = bps.length;
../2022-10-holograph/contracts/enforcer/PA1D.sol::353 => sstore(slot, length)
../2022-10-holograph/contracts/enforcer/PA1D.sol::356 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::385 => uint256 length = addresses.length;
../2022-10-holograph/contracts/enforcer/PA1D.sol::388 => uint256 gasCost = (23300 * length) + length;
../2022-10-holograph/contracts/enforcer/PA1D.sol::394 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::408 => uint256 length = addresses.length;
../2022-10-holograph/contracts/enforcer/PA1D.sol::414 => for (uint256 i = 0; i < length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::432 => for (uint256 t = 0; t < tokenAddresses.length; t++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::437 => for (uint256 i = 0; i < addresses.length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::454 => for (uint256 i = 0; i < addresses.length; i++) {
../2022-10-holograph/contracts/enforcer/PA1D.sol::467 => * @dev Addresses and bps arrays must be equal length. Bps values added together must equal 10000 exactly.
../2022-10-holograph/contracts/enforcer/PA1D.sol::472 => require(addresses.length == bps.length, "PA1D: missmatched array lenghts");
../2022-10-holograph/contracts/enforcer/PA1D.sol::474 => for (uint256 i = 0; i < addresses.length; i++) {
../2022-10-holograph/contracts/module/LayerZeroModule.sol::202 => calldatacopy(add(ptr, 0x0c), _srcAddress.offset, _srcAddress.length)
../2022-10-holograph/contracts/module/LayerZeroModule.sol::247 => abi.encodePacked(uint16(1), uint256(_baseGas() + (crossChainPayload.length * _gasPerByte())))
../2022-10-holograph/contracts/module/LayerZeroModule.sol::271 => uint256(_baseGas() + (crossChainPayload.length * _gasPerByte()))

Tools used

c4udit

Use != 0 instead of > 0 for Unsigned Integer Comparison

Impact

Issue Information: G003

Findings:

../2022-10-holograph/contracts/HolographBridge.sol::218 => if (hTokenValue > 0) {
../2022-10-holograph/contracts/HolographOperator.sol::309 => require(_operatorJobs[hash] > 0, "HOLOGRAPH: invalid job");
../2022-10-holograph/contracts/HolographOperator.sol::350 => require(timeDifference > 0, "HOLOGRAPH: operator has time");
../2022-10-holograph/contracts/HolographOperator.sol::363 => if (podIndex > 0 && podIndex < _operatorPods[pod].length) {
../2022-10-holograph/contracts/HolographOperator.sol::398 => if (leftovers > 0) {
../2022-10-holograph/contracts/HolographOperator.sol::1126 => if (operatorIndex > 0) {
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::815 => require(tokenId > 0, "ERC721: token id cannot be zero");

Tools used

c4udit

Use immutable for OpenZeppelin AccessControl's Roles Declarations

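Impact

Gas optimization only, and none of the lines below is an AccessControl role declaration: the rule matches any occurrence of `keccak256`, and most hits are comments documenting storage-slot preimages. Three items in the list deserve manual review for reasons unrelated to G006. HolographOperator.sol::499 derives `random` from `block.number` and `block.timestamp`, which are not a source of unpredictability, and line 503 of the same file (listed under G002) uses `random` to pick a pod. HolographFactory.sol::333 compares the output of `ecrecover` with `signer`; `ecrecover` returns the zero address for an invalid signature, so confirm that `signer` can never be zero. LayerZeroModule.sol::136, 140 and 144 document three declarations with the same preimage `eip1967.Holograph.operator`; confirm that the actual slot constants differ and that only the comments were copied.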

Issue Information: G006

Findings:

../2022-10-holograph/contracts/HolographBridge.sol::124 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.factory')) - 1)
../2022-10-holograph/contracts/HolographBridge.sol::128 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.holograph')) - 1)
../2022-10-holograph/contracts/HolographBridge.sol::132 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.jobNonce')) - 1)
../2022-10-holograph/contracts/HolographBridge.sol::136 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.operator')) - 1)
../2022-10-holograph/contracts/HolographBridge.sol::140 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.registry')) - 1)
../2022-10-holograph/contracts/HolographFactory.sol::125 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.holograph')) - 1)
../2022-10-holograph/contracts/HolographFactory.sol::129 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.registry')) - 1)
../2022-10-holograph/contracts/HolographFactory.sol::206 => bytes32 hash = keccak256(
../2022-10-holograph/contracts/HolographFactory.sol::211 => keccak256(config.byteCode),
../2022-10-holograph/contracts/HolographFactory.sol::212 => keccak256(config.initCode),
../2022-10-holograph/contracts/HolographFactory.sol::226 => uint160(uint256(keccak256(abi.encodePacked(bytes1(0xff), address(this), hash, keccak256(holographerBytecode)))))
../2022-10-holograph/contracts/HolographFactory.sol::333 => return (ecrecover(keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash)), v, r, s) == signer ||
../2022-10-holograph/contracts/HolographOperator.sol::127 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.bridge')) - 1)
../2022-10-holograph/contracts/HolographOperator.sol::131 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.holograph')) - 1)
../2022-10-holograph/contracts/HolographOperator.sol::135 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.interfaces')) - 1)
../2022-10-holograph/contracts/HolographOperator.sol::139 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.jobNonce')) - 1)
../2022-10-holograph/contracts/HolographOperator.sol::143 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.messagingModule')) - 1)
../2022-10-holograph/contracts/HolographOperator.sol::147 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.registry')) - 1)
../2022-10-holograph/contracts/HolographOperator.sol::151 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.utilityToken')) - 1)
../2022-10-holograph/contracts/HolographOperator.sol::305 => bytes32 hash = keccak256(bridgeInRequestPayload);
../2022-10-holograph/contracts/HolographOperator.sol::491 => bytes32 jobHash = keccak256(bridgeInRequestPayload);
../2022-10-holograph/contracts/HolographOperator.sol::499 => uint256 random = uint256(keccak256(abi.encodePacked(jobHash, _jobNonce(), block.number, block.timestamp)));
../2022-10-holograph/contracts/HolographOperator.sol::651 => emit CrossChainMessageSent(keccak256(encodedData));
../2022-10-holograph/contracts/HolographOperator.sol::686 => * @dev The job hash is a keccak256 hash of the entire job payload
../2022-10-holograph/contracts/HolographOperator.sol::687 => * @param jobHash keccak256 hash of the job
../2022-10-holograph/contracts/abstract/ERC20H.sol::108 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.holographer')) - 1)
../2022-10-holograph/contracts/abstract/ERC20H.sol::112 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.owner')) - 1)
../2022-10-holograph/contracts/abstract/ERC721H.sol::108 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.holographer')) - 1)
../2022-10-holograph/contracts/abstract/ERC721H.sol::112 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.owner')) - 1)
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::140 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.holograph')) - 1)
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::144 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.sourceContract')) - 1)
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::470 => bytes32 structHash = keccak256(
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::134 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.holograph')) - 1)
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::138 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.sourceContract')) - 1)
../2022-10-holograph/contracts/enforcer/Holographer.sol::117 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.originChain')) - 1)
../2022-10-holograph/contracts/enforcer/Holographer.sol::121 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.holograph')) - 1)
../2022-10-holograph/contracts/enforcer/Holographer.sol::125 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.contractType')) - 1)
../2022-10-holograph/contracts/enforcer/Holographer.sol::129 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.sourceContract')) - 1)
../2022-10-holograph/contracts/enforcer/Holographer.sol::133 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.blockHeight')) - 1)
../2022-10-holograph/contracts/enforcer/PA1D.sol::122 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.PA1D.defaultBp')) - 1)
../2022-10-holograph/contracts/enforcer/PA1D.sol::126 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.PA1D.defaultReceiver')) - 1)
../2022-10-holograph/contracts/enforcer/PA1D.sol::130 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.PA1D.initialized')) - 1)
../2022-10-holograph/contracts/enforcer/PA1D.sol::134 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.PA1D.payout.addresses')) - 1)
../2022-10-holograph/contracts/enforcer/PA1D.sol::138 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.PA1D.payout.bps')) - 1)
../2022-10-holograph/contracts/enforcer/PA1D.sol::257 => bytes32 slot = bytes32(uint256(keccak256(abi.encodePacked(_receiverString, tokenId))) - 1);
../2022-10-holograph/contracts/enforcer/PA1D.sol::269 => bytes32 slot = bytes32(uint256(keccak256(abi.encodePacked(_receiverString, tokenId))) - 1);
../2022-10-holograph/contracts/enforcer/PA1D.sol::280 => bytes32 slot = bytes32(uint256(keccak256(abi.encodePacked(_bpString, tokenId))) - 1);
../2022-10-holograph/contracts/enforcer/PA1D.sol::292 => bytes32 slot = bytes32(uint256(keccak256(abi.encodePacked(_bpString, tokenId))) - 1);
../2022-10-holograph/contracts/enforcer/PA1D.sol::308 => slot = keccak256(abi.encodePacked(i, slot));
../2022-10-holograph/contracts/enforcer/PA1D.sol::324 => slot = keccak256(abi.encodePacked(i, slot));
../2022-10-holograph/contracts/enforcer/PA1D.sol::341 => slot = keccak256(abi.encodePacked(i, slot));
../2022-10-holograph/contracts/enforcer/PA1D.sol::357 => slot = keccak256(abi.encodePacked(i, slot));
../2022-10-holograph/contracts/enforcer/PA1D.sol::366 => bytes32 slot = bytes32(uint256(keccak256(abi.encodePacked(_tokenAddressString, tokenName))) - 1);
../2022-10-holograph/contracts/enforcer/PA1D.sol::373 => bytes32 slot = bytes32(uint256(keccak256(abi.encodePacked(_tokenAddressString, tokenName))) - 1);
../2022-10-holograph/contracts/module/LayerZeroModule.sol::124 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.bridge')) - 1)
../2022-10-holograph/contracts/module/LayerZeroModule.sol::128 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.interfaces')) - 1)
../2022-10-holograph/contracts/module/LayerZeroModule.sol::132 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.lZEndpoint')) - 1)
../2022-10-holograph/contracts/module/LayerZeroModule.sol::136 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.operator')) - 1)
../2022-10-holograph/contracts/module/LayerZeroModule.sol::140 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.operator')) - 1)
../2022-10-holograph/contracts/module/LayerZeroModule.sol::144 => * @dev bytes32(uint256(keccak256('eip1967.Holograph.operator')) - 1)

Tools used

c4udit

Long Revert Strings

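Impact

Gas optimization only. The rule appears to match long lines that contain a quoted string, so the license text, the `import` lines and the string constant at PA1D.sol::144 are false positives. The only revert strings in this list are PA1D.sol::411 and PA1D.sol::435, whose message is 35 bytes long and therefore exceeds one 32-byte word.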

Issue Information: G007

Findings:

../2022-10-holograph/contracts/HolographBridge.sol::44 => The terms "reproduce," "reproduction," "derivative works," and
../2022-10-holograph/contracts/HolographBridge.sol::107 => import "./interface/HolographERC20Interface.sol";
../2022-10-holograph/contracts/HolographBridge.sol::109 => import "./interface/HolographInterface.sol";
../2022-10-holograph/contracts/HolographBridge.sol::110 => import "./interface/HolographBridgeInterface.sol";
../2022-10-holograph/contracts/HolographBridge.sol::111 => import "./interface/HolographFactoryInterface.sol";
../2022-10-holograph/contracts/HolographBridge.sol::112 => import "./interface/HolographOperatorInterface.sol";
../2022-10-holograph/contracts/HolographBridge.sol::113 => import "./interface/HolographRegistryInterface.sol";
../2022-10-holograph/contracts/HolographBridge.sol::114 => import "./interface/InitializableInterface.sol";
../2022-10-holograph/contracts/HolographFactory.sol::44 => The terms "reproduce," "reproduction," "derivative works," and
../2022-10-holograph/contracts/HolographFactory.sol::110 => import "./interface/HolographFactoryInterface.sol";
../2022-10-holograph/contracts/HolographFactory.sol::111 => import "./interface/HolographRegistryInterface.sol";
../2022-10-holograph/contracts/HolographFactory.sol::112 => import "./interface/InitializableInterface.sol";
../2022-10-holograph/contracts/HolographOperator.sol::44 => The terms "reproduce," "reproduction," "derivative works," and
../2022-10-holograph/contracts/HolographOperator.sol::107 => import "./interface/CrossChainMessageInterface.sol";
../2022-10-holograph/contracts/HolographOperator.sol::108 => import "./interface/HolographBridgeInterface.sol";
../2022-10-holograph/contracts/HolographOperator.sol::109 => import "./interface/HolographERC20Interface.sol";
../2022-10-holograph/contracts/HolographOperator.sol::110 => import "./interface/HolographInterface.sol";
../2022-10-holograph/contracts/HolographOperator.sol::111 => import "./interface/HolographOperatorInterface.sol";
../2022-10-holograph/contracts/HolographOperator.sol::112 => import "./interface/HolographRegistryInterface.sol";
../2022-10-holograph/contracts/HolographOperator.sol::113 => import "./interface/InitializableInterface.sol";
../2022-10-holograph/contracts/HolographOperator.sol::114 => import "./interface/HolographInterfacesInterface.sol";
../2022-10-holograph/contracts/abstract/ERC20H.sol::44 => The terms "reproduce," "reproduction," "derivative works," and
../2022-10-holograph/contracts/abstract/ERC721H.sol::44 => The terms "reproduce," "reproduction," "derivative works," and
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::44 => The terms "reproduce," "reproduction," "derivative works," and
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::115 => import "../interface/HolographERC20Interface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::122 => import "../interface/HolographedERC20.sol";
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::123 => import "../interface/HolographInterface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::124 => import "../interface/HolographerInterface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::125 => import "../interface/HolographRegistryInterface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::126 => import "../interface/InitializableInterface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC20.sol::127 => import "../interface/HolographInterfacesInterface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::44 => The terms "reproduce," "reproduction," "derivative works," and
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::113 => import "../interface/HolographERC721Interface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::115 => import "../interface/ERC721TokenReceiver.sol";
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::117 => import "../interface/HolographedERC721.sol";
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::118 => import "../interface/HolographInterface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::119 => import "../interface/HolographerInterface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::120 => import "../interface/HolographRegistryInterface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::121 => import "../interface/InitializableInterface.sol";
../2022-10-holograph/contracts/enforcer/HolographERC721.sol::122 => import "../interface/HolographInterfacesInterface.sol";
../2022-10-holograph/contracts/enforcer/Holographer.sol::44 => The terms "reproduce," "reproduction," "derivative works," and
../2022-10-holograph/contracts/enforcer/Holographer.sol::107 => import "../interface/HolographInterface.sol";
../2022-10-holograph/contracts/enforcer/Holographer.sol::108 => import "../interface/HolographerInterface.sol";
../2022-10-holograph/contracts/enforcer/Holographer.sol::109 => import "../interface/HolographRegistryInterface.sol";
../2022-10-holograph/contracts/enforcer/Holographer.sol::110 => import "../interface/InitializableInterface.sol";
../2022-10-holograph/contracts/enforcer/PA1D.sol::44 => The terms "reproduce," "reproduction," "derivative works," and
../2022-10-holograph/contracts/enforcer/PA1D.sol::109 => import "../interface/InitializableInterface.sol";
../2022-10-holograph/contracts/enforcer/PA1D.sol::144 => string constant _tokenAddressString = "eip1967.Holograph.PA1D.tokenAddress";
../2022-10-holograph/contracts/enforcer/PA1D.sol::411 => require(balance > 10000, "PA1D: Not enough tokens to transfer");
../2022-10-holograph/contracts/enforcer/PA1D.sol::435 => require(balance > 10000, "PA1D: Not enough tokens to transfer");
../2022-10-holograph/contracts/module/LayerZeroModule.sol::44 => The terms "reproduce," "reproduction," "derivative works," and
../2022-10-holograph/contracts/module/LayerZeroModule.sol::109 => import "../interface/CrossChainMessageInterface.sol";
../2022-10-holograph/contracts/module/LayerZeroModule.sol::110 => import "../interface/HolographOperatorInterface.sol";
../2022-10-holograph/contracts/module/LayerZeroModule.sol::111 => import "../interface/InitializableInterface.sol";
../2022-10-holograph/contracts/module/LayerZeroModule.sol::112 => import "../interface/HolographInterfacesInterface.sol";
../2022-10-holograph/contracts/module/LayerZeroModule.sol::113 => import "../interface/LayerZeroModuleInterface.sol";
../2022-10-holograph/contracts/module/LayerZeroModule.sol::114 => import "../interface/LayerZeroOverrides.sol";

Tools used

c4udit

Use Shift Right/Left instead of Division/Multiplication if possible

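Impact

Gas optimization only. The single match is a statement terminator followed by a comment; no division or multiplication is visible on the reported line, so it should be treated as a false positive unless the surrounding expression shows otherwise.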

Issue Information: G008

Findings:

../2022-10-holograph/contracts/HolographOperator.sol::533 => ); // 80 next available bit position && so far 176 bits used with only 128 left

Tools used

c4udit

Unsafe ERC20 Operation(s)

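Impact

This is the only finding in the report that is not a gas optimization, and its entries need to be triaged separately. HolographOperator.sol::400 calls `transfer` on the utility token as a bare statement, so a `false` return value would go unnoticed on that line. The calls at HolographOperator.sol::839, 889, 932 and PA1D.sol::416, 439 wrap the result in `require`, which catches `false` but reverts for tokens that return no value; a SafeERC20-style wrapper handles both cases. HolographOperator.sol::596 and PA1D.sol::396 appear to be native-currency `transfer` calls on payable addresses rather than ERC20 operations. The concern on those two lines is the fixed 2300 gas stipend, which can make the call revert when the recipient is a contract.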

Issue Information: L001

Findings:

../2022-10-holograph/contracts/HolographOperator.sol::400 => _utilityToken().transfer(job.operator, leftovers);
../2022-10-holograph/contracts/HolographOperator.sol::596 => payable(hToken).transfer(hlgFee);
../2022-10-holograph/contracts/HolographOperator.sol::839 => require(_utilityToken().transferFrom(msg.sender, address(this), amount), "HOLOGRAPH: token transfer failed");
../2022-10-holograph/contracts/HolographOperator.sol::889 => require(_utilityToken().transferFrom(msg.sender, address(this), amount), "HOLOGRAPH: token transfer failed");
../2022-10-holograph/contracts/HolographOperator.sol::932 => require(_utilityToken().transfer(recipient, amount), "HOLOGRAPH: token transfer failed");
../2022-10-holograph/contracts/enforcer/PA1D.sol::396 => addresses[i].transfer(sending);
../2022-10-holograph/contracts/enforcer/PA1D.sol::416 => require(erc20.transfer(addresses[i], sending), "PA1D: Couldn't transfer token");
../2022-10-holograph/contracts/enforcer/PA1D.sol::439 => require(erc20.transfer(addresses[i], sending), "PA1D: Couldn't transfer token");

Tools used

c4udit
