Errors more consistent and can capture more information
Summary
Custom Errors can be made to capture more information
Vulnerability Details
Custom errors that are to do with an actual value differing from an expected value seem to follow this pattern
They take parameters of the actual value and the expected value. See examples below:
IEscrow.sol
error Escrow__FeeExceedsPrice(uint256 price, uint256 fee);
error Escrow__InWrongState(State currentState, State expectedState);
error Escrow__TotalFeeExceedsBalance(uint256 balance, uint256 totalFee);
However if we look at other errors that may need to follow above pattern they are missing to give out the values of what was gotten vs what was expected: See examples below:
error Escrow__OnlyBuyer(); may be advisable to list address that called vs address buyer
error Escrow__OnlyBuyerOrSeller();may be advisable to list address that called vs address buyer and seller
error Escrow__OnlyArbiter(); may be advisable to list address that called vs address arbiter
error EscrowFactory__AddressesDiffer(); may be advisable to list address(escrow) vs computedAddress
Impact
Informational: Errors are critical for code detection, debugging and can be crucial to help resolve issues. Consider calling contracts with wallet in wrong address state while testing contracts and error shows actual address vs expected address so that you change accordingly helping you resolve issues faster. Richer Custom Errors enhance debugging, error tracking, development, code quality, readability and maintainability of code
Tools Used
Manual Analysis
Recommendations
Consider updating the errors as below
error Escrow__OnlyBuyer(address caller, address buyer); may be advisable to list address that called vs address buyer
error Escrow__OnlyBuyerOrSeller(address caller, address buyer, address seller);may be advisable to list address that called vs address buyer and seller
error Escrow__OnlyArbiter(address caller, address arbiter); may be advisable to list address that called vs address arbiter
error EscrowFactory__AddressesDiffer(address escrow, address computed); may be advisable to list computed address(escrow) vs computedAddress
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.