40,000 USDC
View results
Submission Details
Severity: medium
Valid

The escrow does not work with tokens that have fees on transfer

Summary

When trying to use a ERC20 token that has fees on transfer the creation of the escrow will revert

Vulnerability Details

New Escrows are created by using the function newEscrow() in EscrowFactory.sol. This function computes the address where the escrow will be deployed at and sends the amount of tokens specified in the variable price from the buyer to the address of the new escrow. When running the constructor of the contract Escrow.sol it is checked if the token amount held by the contract address is smaller than the price. If so the creation of the contract reverts. This means that it is not possible to use ERC20 tokens that have fees on transfer since the amount ending up in the contract will be price – fees and be always smaller than the required price amount to create the escrow.

Impact

No tokens with fee on transfer can be used for the escrow

Tools Used

Manual review

Recommendations

When creating an escrow let the user specify how much tokens they want to send to the contract. If this variable is empty the price amount is send, if they have a fee on transfer token they can send in the extra fees on top of the price and the escrow will successfully deploy.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.