Submission Details
Severity: low

Denial of Service state when attempting to create Escrow with 0 price and 0 fee

Summary

A logic issue in the Escrow constructor makes the escrow system unusable for one edge case. When an Escrow is set up with a price of 0 and an arbiter fee of 0, the constructor always reverts, because the check that compares the fee to the price also rejects the case where the two are equal.

Vulnerability Details

This is not a direct security vulnerability beyond the denial of service state it causes for the user attempting to set up this escrow. Although this usage may be an edge case, and potentially not a common occurrence, preventing a user from setting up an escrow with these parameters is a DoS against that user. This does not appear to impact anyone else.

Broken code:

if (arbiterFee >= price) revert Escrow__FeeExceedsPrice(price, arbiterFee);

Foundry Test:

function testZeroPriceZeroFee() public {
    vm.startPrank(BUYER);
    // price = 0 and arbiterFee = 0: the call should succeed, but the constructor reverts
    escrow = escrowFactory.newEscrow(0, i_tokenContract, SELLER, ARBITER, 0, SALT1);
    vm.stopPrank();
}

Test result:

Failing tests:
Encountered 1 failing test in test/unit/EscrowTest.t.sol:EscrowTest
[FAIL. Reason: Escrow__FeeExceedsPrice(0, 0)] testZeroPriceZeroFee() (gas: 75778)

Impact

Causes a denial of service state by consistently reverting for the user attempting to use the Escrow in this instance.

Tools Used

  • VS Code

  • Foundry

  • Manually reading the code

Recommendations

It is recommended to change the impacted line to the following, so that it only checks whether the fee is greater than the price, not also equal to it:

if (arbiterFee > price) revert Escrow__FeeExceedsPrice(price, arbiterFee);

Foundry test re-run (note, all previous tests also passed with this change):

Ran 3 test suites: 32 tests passed, 0 failed, 0 skipped (32 total tests)
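
The boundary behavior of the two comparisons, as an added example that is not part of the original submission or the audited code base. `FeeCheckModel` is a hypothetical stand-in that isolates the check, the `uint256` error parameters are assumed, and the fuzz tests go beyond the 0/0 case to cover both sides of the boundary:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";

// Same error name as in the report; the uint256 parameter types are assumed.
error Escrow__FeeExceedsPrice(uint256 price, uint256 fee);

// Hypothetical stand-in that isolates the constructor's fee check.
contract FeeCheckModel {
    // Check as quoted under "Broken code": rejects fee == price, including 0/0.
    function checkOriginal(uint256 price, uint256 arbiterFee) external pure {
        if (arbiterFee >= price) revert Escrow__FeeExceedsPrice(price, arbiterFee);
    }

    // Check as recommended: rejects only a fee strictly above the price.
    function checkRecommended(uint256 price, uint256 arbiterFee) external pure {
        if (arbiterFee > price) revert Escrow__FeeExceedsPrice(price, arbiterFee);
    }
}

contract FeeCheckBoundaryTest is Test {
    FeeCheckModel internal model = new FeeCheckModel();

    // The reported edge case: 0/0 reverts before the change, passes after it.
    function testZeroPriceZeroFee() public {
        vm.expectRevert(
            abi.encodeWithSelector(Escrow__FeeExceedsPrice.selector, uint256(0), uint256(0))
        );
        model.checkOriginal(0, 0);
        model.checkRecommended(0, 0);
    }

    // Every fee <= price is accepted. This includes fee == price for a
    // non-zero price, where the whole amount would go to the arbiter fee.
    function testFuzz_AcceptsFeeUpToPrice(uint256 price, uint256 fee) public {
        fee = bound(fee, 0, price);
        model.checkRecommended(price, fee);
    }

    // Every fee strictly above the price is still rejected.
    function testFuzz_RejectsFeeAbovePrice(uint256 price, uint256 fee) public {
        price = bound(price, 0, type(uint256).max - 1);
        fee = bound(fee, price + 1, type(uint256).max);
        vm.expectRevert(abi.encodeWithSelector(Escrow__FeeExceedsPrice.selector, price, fee));
        model.checkRecommended(price, fee);
    }
}
```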
