No way to change audit price without arbiter or deploying second contract
Vulnerability Details
The main purpose of the CodeHawks Escrow Contract is to secure an agreement between the audit buyer and seller regarding the audit price. However, the audit contract may include other important arrangements, including but not limited to audit scope, duration, and possible fines and penalties. These terms are agreed upon separately between the parties and may vary from one audit to another, making it challenging to include them in the smart contract without significantly increasing its complexity. But there is some room for improvement without minor changes.
During the audit process, parties may agree to change the audit price due to previously unforeseen circumstances. Unfortunately, with the current smart contract architecture, the only way to lower the audit price is by initiating a dispute and paying an arbiter fee, while increasing the price is not possible at all.
Impact
Additional price agreements between parties may not be sealed without extra expenses for initiating dispute in case of decreasing price or deploying second contract in case of increasing.
Tools Used
Observation
Recommendations
Add increase/decrease price functions with onlyBuyer/onlySeller modifiers
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.