The escrow does not work with tokens that have fees on transfer
Summary
When trying to use a ERC20 token that has fees on transfer the creation of the escrow will revert
Vulnerability Details
New Escrows are created by using the function newEscrow() in EscrowFactory.sol. This function computes the address where the escrow will be deployed at and sends the amount of tokens specified in the variable price from the buyer to the address of the new escrow. When running the constructor of the contract Escrow.sol it is checked if the token amount held by the contract address is smaller than the price. If so the creation of the contract reverts. This means that it is not possible to use ERC20 tokens that have fees on transfer since the amount ending up in the contract will be price – fees and be always smaller than the required price amount to create the escrow.
Impact
No tokens with fee on transfer can be used for the escrow
Tools Used
Manual review
Recommendations
When creating an escrow let the user specify how much tokens they want to send to the contract. If this variable is empty the price amount is send, if they have a fee on transfer token they can send in the extra fees on top of the price and the escrow will successfully deploy.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.