Base arbiterFee and buyerAward on Percentages
Summary
arbiterFee and buyerAward should be a percentage of price
Vulnerability Details
using a fixed fee for arbiter is not very convenient for the contract and its payment calculations. Percentages are more intuitive and easier to work with in terms of ensuring sanity checks for values
Impact
Gas Savings + Informational :
Improve the code readability and maintanability
Fee percentage is more intuitive and comparable as opposed to amounts
May make computations and code cleaner
Allows to Improve code to have a check that e.g sellerAwardPercent + buyerAwardPercent + arbiterAwardPercent = 100%; so that arbiter only needs to input in function resolveDispute(uint256 buyerAwardPercent)
Tools Used
Manual Analysis
Recommendations
It is recommended arbiterFee is a percentage agreed beforehand and replaces arbiterFee
function newEscrow(
uint256 price,
IERC20 tokenContract,
address seller,
address arbiter,
uint256 arbiterFee,// replace with arbiterFeePercent e.g 5%
bytes32 salt
) external returns (IEscrow) { ...sanity check arbiterFee > 0 and && < threshold e.g 50% as dont want arbiter getting more than half of the money always it does not make for good incentives for buyers and sellers
Change resolveDispute in Escrow.sol line 109 to the below
function resolveDispute(uint256 buyerPercent) external onlyArbiter nonReentrant inState(State.Disputed) {
.... check buyerPercent + arbiterFeePercent < 100 (if ==100 seller not receiving any remnant, else if <100 there is remnant for seller
..adjust remaining payment logic accordingly bases on amounts calculated by percentages
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.