Current implementation allows newEscrow deployer to arbitrarly set salt, which is a known vulnerbility
arbitrary salt exposes newEscrow
deployment proccess to front-run attacks, where malicous user can bid more gas to deploy the same contract before the actual user, potentially taking control of the escrow contract as well as the tokens
manual review
Using a random salt for each escrow could prove very beneficial here, utilizing block.prevrandao
to generate a completely random new salt for each new escrow
more precisely bytes32(uint256(keccak256(abi.encodePacked(block.prevrandao))))
which would leave the salt completely out of any user's calldata as well remedy the potential vulnerability
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.