CodeHawks Escrow Contract - Competition Details
Cyfrin
Foundry
40,000 USDC
View results
Previous Next
Submission Details
Severity: gas
Valid

NatSpec documentation for function return parameter is missing

codeslide

Summary

The Solidity documentation recommends "that Solidity contracts are fully annotated using NatSpec for all public interfaces (everything in the ABI)." NatSpec documentation should be used for improved readability, a better user experience, enhanced auditability, enablement of automated testing and verification, and to promote standardization and interoperability. (Functions with no NatSpec documentation at all are listed under the "NatSpec documentation for function is missing" issue.)

Vulnerability Details

There are 2 instances of this issue.

File: src/EscrowFactory.sol
20: function newEscrow(
21: uint256 price,
22: IERC20 tokenContract,
23: address seller,
24: address arbiter,
25: uint256 arbiterFee,
26: bytes32 salt
27: ) external returns (IEscrow) {
56: function computeEscrowAddress(
57: bytes memory byteCode,
58: address deployer,
59: uint256 salt,
60: uint256 price,
61: IERC20 tokenContract,
62: address buyer,
63: address seller,
64: address arbiter,
65: uint256 arbiterFee
66: ) public pure returns (address) {
File Link Instance Count Instance Links
EscrowFactory.sol 2 20,56

Impact

Decreased readability/maintainability of project source code, increased complexity of automated testing, and a reduced contract user experience.

Tools Used

baudit: a custom static code analysis tool; manual review

Recommendations

Add NatSpec documentation for all return parameters to public functions.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.