40,000 USDC
View results
Submission Details
Severity: low

salt front-run mitigation

Summary

Current implementation allows newEscrow deployer to arbitrarly set salt, which is a known vulnerbility

Vulnerability Details

arbitrary salt exposes newEscrow deployment proccess to front-run attacks, where malicous user can bid more gas to deploy the same contract before the actual user, potentially taking control of the escrow contract as well as the tokens

Tools Used

manual review

Recommendations

Using a random salt for each escrow could prove very beneficial here, utilizing block.prevrandaoto generate a completely random new salt for each new escrow
more precisely bytes32(uint256(keccak256(abi.encodePacked(block.prevrandao))))
which would leave the salt completely out of any user's calldata as well remedy the potential vulnerability

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.