There is an issue in the provided Escrow and EscrowFactory Solidity contracts that prevents proper functioning with fee-on-transfer tokens. Due to the contract design, the price
value specified during escrow creation might not match the actual number of tokens received because of the fees subtracted on transfer.
The vulnerability resides in the contract design and assumptions. The newEscrow
function in the EscrowFactory
contract and the constructor of the Escrow
contract assume that the total amount transferred is equal to the price
. With fee-on-transfer tokens, this is not true because a fee is deducted from each transfer, reducing the actual amount received by the contract. This leads to a scenario where the balance of tokens in the contract is less than the price
, causing the transaction to fail due to the check if (tokenContract.balanceOf(address(this)) < price) revert Escrow__MustDeployWithTokenBalance();
.
This issue could severely limit the use of the escrow contract with a broad class of tokens, specifically those that charge a fee on transfer. If a user attempts to set up an escrow with such a token, the transaction would fail, causing inconvenience and limiting functionality.
Manual code review.
To correct this issue, the constructor of the Escrow
contract should be modified to set the price
value to the actual balance of tokens in the contract after the transfer. This can be achieved by making the following change:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.