3 matches found
MED: HolographOperator.sol 's resetOperator() function allows malicious or hacked admin to permanently freeze operator's bonded tokens.
Lines of code Vulnerability details Description In HolographOperator, the following function is implemented: function resetOperator uint256 blockTime, uint256 baseBondAmount, uint256 podMultiplier, uint256 operatorThreshold, uint256 operatorThresholdStep, uint256 operatorThresholdDivisor external...
Users can create beam request for a destination chain without paying a fee.
Lines of code Vulnerability details Impact When a user creates a beam request for a destination chain, the user can input zero as a value for gasLimit. With this, the user is able to make the request without paying any fees to Hologram since messagingModule.getHlgFeetoChain, gasLimit, gasPrice;...
Weak randomness
Lines of code Vulnerability details Vulnerability details Description In the function crossChainMessage of HolographOperator contract there is the following logic implemented for the calculation of the random value: / @dev use job hash, job nonce, block number, and block timestamp for generating ...