CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Concern Regarding Lack of Cap on `buyerAward` in `Escrow.sol`

serverconnected

Summary

In the resolveDispute function of Escrow.sol, I noticed that there isn't a cap on the buyerAward parameter, which can potentially lead to an unfair scenario where the buyer and arbiter could collaborate to secure the majority of the locked funds. This situation could adversely impact the seller, resulting in significant losses for the seller upon completion of the work.

Vulnerability Details

For example, consider a case where the total locked price is 10 DAI tokens, and the arbiter fee is 2 DAI tokens. By setting the buyerAward to a value less than 8 DAI tokens (e.g., 7 DAI tokens), the buyer and arbiter can together receive the majority of the locked funds, leaving only 1 DAI token for the seller.

Impact

// @audit-issue if buyer and arbiter work together then can get majority of the locked funds

// @audit-issue ex: locked funds 10

// @audit-issue ex: arbiter fee: 5 (valid since arbiter fee is < locked price)

// @audit-issue ex: arbiter can set buyAward as 4 (valid since buyAward + arbiter fee < locked price)

// @audit-issue ex: seller will get less funds

// @audit-info there needs to be a cap on arbiter fee and buyAward

/// @inheritdoc IEscrow

function resolveDispute(uint256 buyerAward) external onlyArbiter nonReentrant inState(State.Disputed) {

uint256 tokenBalance = i_tokenContract.balanceOf(address(this));

uint256 totalFee = buyerAward + i_arbiterFee; // Reverts on overflow

if (totalFee > tokenBalance) {

revert Escrow__TotalFeeExceedsBalance(tokenBalance, totalFee);

}

s_state = State.Resolved;

emit Resolved(i_buyer, i_seller);

if (buyerAward > 0) {

i_tokenContract.safeTransfer(i_buyer, buyerAward);

}

if (i_arbiterFee > 0) {

i_tokenContract.safeTransfer(i_arbiter, i_arbiterFee);

}

tokenBalance = i_tokenContract.balanceOf(address(this));

if (tokenBalance > 0) {

i_tokenContract.safeTransfer(i_seller, tokenBalance);

}

Tools Used

Manual Review

Recommendations

To address this vulnerability and ensure a fair resolution process, I strongly recommend implementing a cap on the buyerAward, such as limiting it to a maximum percentage of the total locked price. For instance, setting a cap of 20% on the buyerAward would prevent any malicious intent by the buyer and arbiter to disproportionately benefit from the locked funds.

By introducing this cap, you can safeguard the seller's interests and maintain the contract's integrity throughout the dispute resolution process. The cap will serve as a crucial mitigation measure against potential collusion and unjust outcomes, fostering trust and transparency in the platform.

Prize pool breakdown

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.