CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

Submission Details

Severity: high

[H-03] ABI encodePacked Collision

Collision can exist due to the use of many dynamic types in abi.encodePacked

The computeEscrowAddress() function in EscrowFactory.sol calls abi.encodePacked() with multiple dynamic arguments and a collision is possible.

High impact on the creation of contracts

Do not use more than one dynamic type in abi.encodePacked(). Use abi.encode().

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.