Factory not tracking created Escrows
Summary
Factory contract creating new Escrows does not track them
Vulnerability Details
It is important and may be beneficial to keep track of all the Escrows that have been created by a buyer/client onchain
Yes this information can be acessible offchain but keeping track on contract can make it callable via functions easily. Not having it can impact data accessibility, tracking of the contracts or make it more harder to analyze.
Impact
Informational: This improves the recording of information, the availability of information to access e.g to see all contracts created by a buyer/client easily. It enhances code quality, maintainability, usability of code etc. Say you want to loop through all the contracts of buyer and add up the amounts they have spent by adding up the price of each contract etc
Tools Used
Manual Analysis
Recommendations
It is recommended to keep a list of all Escrow contracts created by a buyer. For example suggestion below in
EscrowFactory.sol
mapping(address buyer => Escrow[] escrows) buyerEscrows
function newEscrow(....) {
.....
buyerEscrows[msg.sender].push(escrow)
}
Above suggestion or any other relevant method to ensure there is tracking of the contracts created by the Factory
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.