40,000 USDC
Submission Details
Severity: high

The `resolveDispute()` and `confirmReceipt()` functions may revert if a fee-on-transfer token is used.

Summary

The Escrow contract has a revert issue that affects two essential functions, `resolveDispute()` and `confirmReceipt()`. The issue arises when fee-on-transfer tokens are used, because the functions attempt to transfer the entire token balance without accounting for the additional fees required for successful transfers. Consequently, the transactions may revert, hindering the resolution of disputes and the confirmation of receipt.

Vulnerability Details

These functions execute token transfers without considering the fees associated with fee-on-transfer tokens. The transfer may revert because the balance is insufficient to cover the transfer fee. Because the functions' logic does not estimate the fee, transactions fail, leaving disputes unresolved or receipt confirmations incomplete.

Impact

If the `resolveDispute()` or `confirmReceipt()` functions revert, the escrow contract will be unable to resolve disputes or send tokens to the seller. The severity of this issue is classified as "High" due to its critical impact on the core functionality of the Escrow contract.

Tools Used

Manual Analysis

Recommendations

Consider using tokens that do not have fee-on-transfer functionality for escrow transactions to mitigate potential reverts.
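
One way to enforce this recommendation on-chain, as an added example that is not the audited Escrow contract's code: measure the balance delta at funding time and reject any token that delivers less than requested. The contract name, `fund`, `release`, the state variables and the error names are hypothetical, and the token is assumed to return a `bool` from `transfer` and `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example: hypothetical names throughout, not the audited Escrow contract.
// Assumes the token returns a bool from transfer/transferFrom.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract EscrowFundingSketch {
    error FeeOnTransferTokenNotSupported(uint256 expected, uint256 received);
    error TransferFailed();
    error OnlyBuyer();

    IERC20 public immutable token;
    address public immutable buyer;
    address public immutable seller;
    uint256 public deposited; // amount verifiably received by this contract

    constructor(IERC20 token_, address buyer_, address seller_) {
        token = token_;
        buyer = buyer_;
        seller = seller_;
    }

    // Pull `amount` from the buyer; reject any token that delivers less than requested.
    // The revert also undoes the transferFrom, so the buyer keeps their tokens.
    function fund(uint256 amount) external {
        if (msg.sender != buyer) revert OnlyBuyer();
        uint256 balanceBefore = token.balanceOf(address(this));
        if (!token.transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
        uint256 received = token.balanceOf(address(this)) - balanceBefore;
        if (received != amount) revert FeeOnTransferTokenNotSupported(amount, received);
        deposited += received;
    }

    // Buyer releases the recorded amount to the seller. `deposited` matched the
    // tokens actually received at funding time, so it is not an overstated figure.
    function release() external {
        if (msg.sender != buyer) revert OnlyBuyer();
        uint256 amount = deposited;
        deposited = 0; // effects before interaction
        if (!token.transfer(seller, amount)) revert TransferFailed();
    }
}
```

The check runs only at funding time, so a token that enables a fee afterwards would pass it.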
