Submission Details
Severity: medium

Send any remaining token balances to the buyer in `Escrow.sol::confirmReceipt()`

Summary

Send any remaining token balances to the buyer in Escrow.sol::confirmReceipt()

Vulnerability Details

The Escrow contract might hold extra funds, i.e. a balance greater than `i_price`. This could happen if the contract is pre-funded multiple times by mistake, or because of multiple attempts when creating the Escrow account.

After the seller is sent `i_price` tokens in `Escrow.sol::confirmReceipt()`, the remaining balance should be sent back to the buyer, so that no funds are lost if the contract was funded multiple times.

Impact

If the Escrow contract holds more funds than `i_price`, the excess can never be recovered.

Severity Justification

Marking this as medium, as both of the following medium criteria are satisfied:

  • Funds are indirectly at risk

  • Disruption of protocol functionality or availability

Source: https://docs.codehawks.com/rewards-and-judging

Tools Used

Manual inspection

Recommendations

Update the method as:

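```solidity
function confirmReceipt() external onlyBuyer inState(State.Created) {
    s_state = State.Confirmed;
    emit Confirmed(i_seller);
    // Pay the seller the agreed price.
    i_tokenContract.safeTransfer(i_seller, i_price);
    // Refund the rest to the buyer. The balance is read after the seller
    // transfer, so it already excludes i_price and must not be reduced again.
    uint256 remaining = i_tokenContract.balanceOf(address(this));
    if (remaining > 0) {
        i_tokenContract.safeTransfer(i_buyer, remaining);
    }
}
```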
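
The accounting behind this recommendation, as an added example (a Python model, not the Escrow contract's code or the submitter's): it compares three ways of handling the surplus when the escrow holds more than `i_price`. The `Ledger` class, the strategy names and the token amounts are constructed for illustration, and checked (reverting) unsigned subtraction is assumed.

```python
class Revert(Exception):
    """Models a Solidity revert: every state change in the call is rolled back."""

def checked_sub(a, b):
    # Assumption: unsigned subtraction reverts on underflow (Solidity >= 0.8).
    if b > a:
        raise Revert("arithmetic underflow")
    return a - b

class Ledger:
    """Minimal ERC-20-like balance table (hypothetical helper)."""
    def __init__(self, balances):
        self.bal = dict(balances)

    def transfer(self, src, dst, amount):
        self.bal[src] = checked_sub(self.bal[src], amount)
        self.bal[dst] = self.bal.get(dst, 0) + amount

def confirm_receipt(ledger, price, refund):
    """Model confirmReceipt() with one refund strategy.

    Returns the final balances, or "revert" if the call would revert.
    """
    snapshot = dict(ledger.bal)
    try:
        ledger.transfer("escrow", "seller", price)
        after = ledger.bal["escrow"]  # balance read after the seller was paid
        if refund == "none":
            amount = 0                           # surplus stays in the escrow
        elif refund == "balance_minus_price":
            amount = checked_sub(after, price)   # price subtracted a second time
        elif refund == "remaining_balance":
            amount = after                       # everything left goes to the buyer
        else:
            raise ValueError(refund)
        ledger.transfer("escrow", "buyer", amount)
        return dict(ledger.bal)
    except Revert:
        ledger.bal = snapshot
        return "revert"

def run(funded, price, refund):
    # Constructed scenario: escrow holds `funded` tokens, buyer and seller start at 0.
    ledger = Ledger({"escrow": funded, "buyer": 0, "seller": 0})
    return confirm_receipt(ledger, price, refund)
```

Only the `remaining_balance` strategy empties the escrow in every case; subtracting the price from the post-transfer balance reverts whenever the surplus is smaller than the price, and otherwise leaves one full price locked in the contract.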
