CodeHawks Escrow Contract - Competition Details
Cyfrin
Foundry
40,000 USDC
View results
Previous Next
Submission Details
Severity: gas

Potential Gas Limit

serverconnected

Summary

A function could potentially face gas limit issues if there are many token transfers, especially if the number of recipients or the size of the token balances is substantial.

Vulnerability Details

In the resolveDispute function there are multiple token transfer being made, which could lead to gas cost issues since gas cost of token transfers increases with the number of recipients and the size of the token balances being transferred.

Impact

function resolveDispute(uint256 buyerAward) external onlyArbiter nonReentrant inState(State.Disputed) {
uint256 tokenBalance = i_tokenContract.balanceOf(address(this));
uint256 totalFee = buyerAward + i_arbiterFee; // Reverts on overflow
if (totalFee > tokenBalance) {
revert Escrow__TotalFeeExceedsBalance(tokenBalance, totalFee);
}
s_state = State.Resolved;
emit Resolved(i_buyer, i_seller);
if (buyerAward > 0) {
i_tokenContract.safeTransfer(i_buyer, buyerAward);
}
if (i_arbiterFee > 0) {
i_tokenContract.safeTransfer(i_arbiter, i_arbiterFee);
}
tokenBalance = i_tokenContract.balanceOf(address(this));
if (tokenBalance > 0) {
i_tokenContract.safeTransfer(i_seller, tokenBalance);
}
}

Tools Used

Manual Review

Recommendations

One optimisation is to consolidate token transfers whenever possible. Instead of performing multiple token transfers for the buyerAward, arbiterFee, and remaining tokenBalance, you can batch these transfers into a single operation. This way, you reduce the number of external function calls, thus saving gas.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.