As the code comment says: @dev There is a risk that if a malicious token is used, the dispute process could be manipulated.
I do not agree to hand over the legitimacy and security of the tokenContract to msg.sender. So what should the protocol do to limit.
tokenContract is always an unsafe input. For fairness, it is recommended to add a whitelist for tokens.
https://github.com/Cyfrin/2023-07-escrow/blob/main/src/EscrowFactory.sol#L20
As the code comment says: @dev There is a risk that if a malicious token is used, the dispute process could be manipulated.
VS Code
I think it's a design issue. tokenContract is always an unsafe input. For fairness, it is recommended to add a whitelist for tokens, and add a function for the owner to add tokens to the whitelist.
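One way the recommended whitelist could look, as an added sketch that is not part of the original submission or the EscrowFactory code. The contract names, `setTokenAllowed`, `onlyAllowedToken` and the simplified `newEscrow` signature are hypothetical, and escrow deployment is left out so that only the gate on `tokenContract` is shown:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration; all names are hypothetical, not the project's API.
abstract contract TokenAllowlist {
    error NotOwner();
    error ZeroAddress();
    error NotAContract(address token);
    error TokenNotAllowed(address token);

    event TokenAllowedSet(address indexed token, bool allowed);

    address public immutable owner;
    mapping(address => bool) public isTokenAllowed;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// Reject any token the owner has not explicitly vetted.
    modifier onlyAllowedToken(address token) {
        if (!isTokenAllowed[token]) revert TokenNotAllowed(token);
        _;
    }

    /// Owner adds or removes a token. Removal only blocks new escrows;
    /// escrows already created with that token are unaffected.
    function setTokenAllowed(address token, bool allowed) external onlyOwner {
        if (token == address(0)) revert ZeroAddress();
        // An address without code cannot be a token contract.
        if (allowed && token.code.length == 0) revert NotAContract(token);
        isTokenAllowed[token] = allowed;
        emit TokenAllowedSet(token, allowed);
    }
}

/// Hypothetical factory: the check runs before anything is deployed or funded,
/// so msg.sender can no longer choose an arbitrary tokenContract.
contract AllowlistedEscrowFactory is TokenAllowlist {
    event EscrowRequested(address indexed buyer, address indexed tokenContract, uint256 price);

    function newEscrow(uint256 price, address tokenContract) external onlyAllowedToken(tokenContract) {
        emit EscrowRequested(msg.sender, tokenContract, price);
    }
}
```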