Vulnerability Details

The main purpose of the CodeHawks Escrow Contract is to secure an agreement between the audit buyer and seller regarding the audit price. However, the audit contract may include other important arrangements, including but not limited to audit scope, duration, and possible fines and penalties. These terms are agreed upon separately between the parties and may vary from one audit to another, making it challenging to include them in the smart contract without significantly increasing its complexity. But there is some room for improvement without minor changes.

During the audit process, parties may agree to change the audit price due to previously unforeseen circumstances. Unfortunately, with the current smart contract architecture, the only way to lower the audit price is by initiating a dispute and paying an arbiter fee, while increasing the price is not possible at all.

Impact

Additional price agreements between parties may not be sealed without extra expenses for initiating dispute in case of decreasing price or deploying second contract in case of increasing.

Tools Used

Observation

Recommendations

Add increase/decrease price functions with onlyBuyer/onlySeller modifiers