The `resolveDispute()` and `confirmReceipt()` functions may revert if a fee on transfer token is used.
Summary
The Escrow contract faces a revert issue that affects two essential functions, the resolveDispute() and confirmReceipt(). This issue arises when fee-on-transfer tokens are used, as the functions attempt to transfer the entire token balance without accounting for additional fees required for successful transfers. Consequently, the transactions may revert hindering the resolution of disputes and confirmation of receipt.
Vulnerability Details
These functions execute token transfers without considering potential fees associated with fee-on-transfer tokens.The transfer of tokens may revert due to insufficient balance to cover the transfer fee. This lack of proper fee estimation in the functions' logic results in failed transactions and leaves disputes unresolved or receipt confirmations incomplete
Impact
If the resolveDispute() or confirmReceipt() functions revert, then the escrow contract will be unable to resolve disputes or send tokens to the seller.The severity of this issue is classified as "High" due to its critical impact on the core functionality of the Escrow contract.
Tools Used
Manual Analysis
Recommendations
Consider using tokens that do not have fee-on-transfer functionality for escrow transactions to mitigate potential reverts.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.