CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Sour buyers could always reduce sellers` pay

credence0x

Summary

Since the contract's token balance is only required to be as much as the amount the seller is supposed to be paid, a sour buyer could always shorten the ration of the seller by sending the escrow into dispute since the arbiterFee will always be removed from the seller's pay.

Vulnerability Details

Since total amount of tokens required to be sent to the contract is that which the seller is supposed to be paid, a sour buyer can shorten the ration of the seller by sending the escrow into dispute.

This means that only the buyer pays for dispute resolution and since the arbiterFee is not capped, the loss will be as little or as much as the arbiterFee.

Impact

The maximum the seller would get after forced arbitration will be at most price - arbiterFee and if the arbiterFee is high enough, the seller's loss could potentially be high.

Tools Used

Recommendations

A good solution would be to ensure that the arbiterFee plus price is sent to the contract by the buyer. The arbiter could then split the fees based on fault by varying the buyerAward in the resolveDispute function.

if (arbiter !== address(0)){

if (tokenContract.balanceOf(address(this)) < price + arbiterFee) revert Escrow__MustDeployWithTokenBalance();

} else {

if (tokenContract.balanceOf(address(this)) < price) revert Escrow__MustDeployWithTokenBalance();

}

This will also mean the confirmReceipt function would be modified to allow only the price to be transferred to the seller and the balance be transferred to buyer

function confirmReceipt() external onlyBuyer inState(State.Created) {

s_state = State.Confirmed;

emit Confirmed(i_seller);

i_tokenContract.safeTransfer(i_seller, i_price);

uint balance = i_tokenContract.balanceOf(address(this));

if (balance > 0){

i_tokenContract.safeTransfer(i_buyer, balance);

}

Prize pool breakdown

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.