Summary

The confirmReceipt function in the Escrow contract is protected by the inState(State.Created) modifier, which reverts if the function is called when the contract is not in the Created state. However, if a malicious actor gains control over the buyer's address, they could potentially call this function when the contract is in the Disputed state, leading to unexpected behavior and potential loss of funds.

Vulnerability Details

The confirmReceipt function is designed to confirm the receipt of the service by the buyer. It is protected by the inState(State.Created) modifier, which ensures that the function can only be called when the contract is in the Created state. However, if a malicious actor gains control over the buyer's address, they could potentially call this function when the contract is in the Disputed state. This could lead to unexpected behavior, as the function transfers the entire balance of the contract to the seller.

Code Snippet

Impact

If a malicious actor gains control over the buyer's address and calls the confirmReceipt function when the contract is in the Disputed state, it could lead to unexpected transfers of the contract's balance. This could potentially result in a loss of funds for the buyer, and could undermine trust in the platform.

Tools Used

Manual code review

Recommendations

To mitigate this potential issue, it is recommended to add additional checks in the confirmReceipt function to ensure that it can only be called when the contract is in the Created state. This could be implemented by adding a require statement at the beginning of the function, like so:

This would ensure that the confirmReceipt function cannot be called when the contract is in a non-created state, thereby preventing the potential issues described above.