Submission Details
Severity: gas

Empty bytes check is missing

Summary

Empty bytes check is missing

Vulnerability Details

When developing smart contracts in Solidity, it's crucial to validate the inputs of your functions. This includes ensuring that the bytes parameters are not empty, especially when they represent crucial data such as addresses, identifiers, or raw data that the contract needs to process.
Missing empty bytes checks can lead to unexpected behaviour in your contract. For instance, certain operations might fail, produce incorrect results, or consume unnecessary gas when performed with empty bytes. Moreover, missing input validation can potentially expose your contract to malicious activity, including exploitation of unhandled edge cases.
To mitigate these issues, always validate that bytes parameters are not empty when the logic of your contract requires it.

File: /src/EscrowFactory.sol

//@audit line 20: `salt` is not checked
function newEscrow(
    uint256 price,
    IERC20 tokenContract,
    address seller,
    address arbiter,
    uint256 arbiterFee,
    bytes32 salt
) external returns (IEscrow) {

//@audit line 56: `byteCode` is not checked
function computeEscrowAddress(
    bytes memory byteCode,
    address deployer,
    uint256 salt,
    uint256 price,
    IERC20 tokenContract,
    address buyer,
    address seller,
    address arbiter,
    uint256 arbiterFee
) public pure returns (address) {

File: /src/IEscrowFactory.sol

//@audit line 20: `salt` is not checked
    function newEscrow(
        uint256 price,
        IERC20 tokenContract,
        address seller,
        address arbiter,
        uint256 arbiterFee,
        bytes32 salt
    ) external returns (IEscrow);
}

Impact

Informational

Tools Used

Manual

Recommendations
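
One way to write the checks this finding asks for, as an added example that is not taken from the submission or the audited repository. The contract, error and function names are hypothetical, and the standard CREATE2 address formula is assumed because the body of `computeEscrowAddress` is not shown on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration; not code from the audited repository.
/// Contract, error and function names are hypothetical.
contract BytesInputChecks {
    // Custom errors cost less gas than require() with a string message.
    error EmptyByteCode();
    error ZeroSalt();

    /// Dynamic `bytes` carries a length, so "empty" means length == 0.
    /// Without the check, keccak256("") is hashed and a well-formed but
    /// meaningless address comes back instead of a revert.
    function checkedInitCodeHash(bytes memory byteCode) public pure returns (bytes32) {
        if (byteCode.length == 0) revert EmptyByteCode();
        return keccak256(byteCode);
    }

    /// `bytes32` is a fixed-size value type with no length to test; the
    /// closest equivalent is a comparison with the all-zero value.
    /// Zero is a valid CREATE2 salt, so rejecting it is a policy choice.
    function checkedSalt(bytes32 salt) public pure returns (bytes32) {
        if (salt == bytes32(0)) revert ZeroSalt();
        return salt;
    }

    /// Assumption: the address is derived with the standard CREATE2 formula,
    /// keccak256(0xff ++ deployer ++ salt ++ keccak256(initCode))[12:].
    function computeAddress(bytes memory byteCode, address deployer, bytes32 salt)
        public
        pure
        returns (address)
    {
        bytes32 digest = keccak256(
            abi.encodePacked(
                bytes1(0xff),
                deployer,
                checkedSalt(salt),
                checkedInitCodeHash(byteCode)
            )
        );
        // The address is the low 20 bytes of the digest.
        return address(uint160(uint256(digest)));
    }
}
```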
