Submission Details
Severity: medium
Valid

USDC blacklisted accounts can DoS the withdrawal system

Summary

When resolveDispute() is called, tokens are pushed to the buyer, the arbiter and the seller within a single transaction. If any one of these addresses is on the USDC blacklist, that transfer reverts and the whole call fails: none of the three parties receives anything, and the tokens stay locked in the contract. Because USDC is one of the most commonly used ERC20 tokens for this kind of service, it is reasonable to expect that some escrowed tokens would get stuck.

Impact

Tokens can get locked in the contract: a single blacklisted recipient (buyer, arbiter or seller) blocks the resolution payout for all three parties.

function resolveDispute(uint256 buyerAward) external onlyArbiter nonReentrant inState(State.Disputed) {
    uint256 tokenBalance = i_tokenContract.balanceOf(address(this));
    uint256 totalFee = buyerAward + i_arbiterFee; // Reverts on overflow
    if (totalFee > tokenBalance) {
        revert Escrow__TotalFeeExceedsBalance(tokenBalance, totalFee);
    }
    s_state = State.Resolved;
    emit Resolved(i_buyer, i_seller);
    if (buyerAward > 0) {
        i_tokenContract.safeTransfer(i_buyer, buyerAward);
    }
    if (i_arbiterFee > 0) {
        i_tokenContract.safeTransfer(i_arbiter, i_arbiterFee);
    }
    tokenBalance = i_tokenContract.balanceOf(address(this));
    if (tokenBalance > 0) {
        i_tokenContract.safeTransfer(i_seller, tokenBalance);
    }
}

Tools Used

Manual Review

Remediation Steps

Instead of sending tokens directly to the payer or recipient in cancel(), consider recording each party's owed amount in storage and letting the payer or recipient claim it later (a pull-payment pattern), so that a transfer which reverts for one recipient cannot block the others.
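The following is an added example of the pull-payment remediation applied to the resolveDispute() path shown above; it is not the audited project's code. It keeps the page's names (i_tokenContract, i_buyer, i_seller, i_arbiter, i_arbiterFee, s_state, Escrow__TotalFeeExceedsBalance, Resolved) and adds assumed ones (PullEscrow, s_owed, claim, Claimed, the simplified constructor and modifiers). The point it demonstrates: resolveDispute() performs no external token transfers, so a blacklisted recipient cannot make it revert; each party withdraws its own share in claim(), and a revert there affects only the caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Added example (not the audited project's code): pull-payment variant of
/// resolveDispute(). Shares are recorded in storage and claimed separately, so a
/// transfer that reverts for one recipient (e.g. a USDC blacklisted address)
/// cannot block the others. Contract and function names are assumptions.
contract PullEscrow {
    using SafeERC20 for IERC20;

    enum State { Created, Disputed, Resolved }

    IERC20 public immutable i_tokenContract;
    address public immutable i_buyer;
    address public immutable i_seller;
    address public immutable i_arbiter;
    uint256 public immutable i_arbiterFee;
    State public s_state;

    // Amount each party may withdraw after resolution (assumed name).
    mapping(address => uint256) public s_owed;

    error Escrow__TotalFeeExceedsBalance(uint256 balance, uint256 totalFee);
    error Escrow__NothingToClaim();
    error Escrow__Unauthorized();
    error Escrow__WrongState();

    event Resolved(address indexed buyer, address indexed seller);
    event Claimed(address indexed who, uint256 amount);

    modifier onlyArbiter() {
        if (msg.sender != i_arbiter) revert Escrow__Unauthorized();
        _;
    }

    modifier inState(State s) {
        if (s_state != s) revert Escrow__WrongState();
        _;
    }

    // Simplified for the example: the escrow starts in the Disputed state.
    constructor(IERC20 token, address buyer, address seller, address arbiter, uint256 arbiterFee) {
        i_tokenContract = token;
        i_buyer = buyer;
        i_seller = seller;
        i_arbiter = arbiter;
        i_arbiterFee = arbiterFee;
        s_state = State.Disputed;
    }

    /// Record each party's share. No external token transfer happens here, so a
    /// blacklisted buyer, arbiter or seller cannot make this call revert.
    function resolveDispute(uint256 buyerAward) external onlyArbiter inState(State.Disputed) {
        uint256 tokenBalance = i_tokenContract.balanceOf(address(this));
        uint256 totalFee = buyerAward + i_arbiterFee; // reverts on overflow (checked math)
        if (totalFee > tokenBalance) {
            revert Escrow__TotalFeeExceedsBalance(tokenBalance, totalFee);
        }

        s_state = State.Resolved;
        s_owed[i_buyer] += buyerAward;
        s_owed[i_arbiter] += i_arbiterFee;
        s_owed[i_seller] += tokenBalance - totalFee; // remainder goes to the seller
        emit Resolved(i_buyer, i_seller);
    }

    /// Each party withdraws only its own share. Checks-effects-interactions: the
    /// owed amount is zeroed before the transfer, so a revert (blacklist or
    /// otherwise) affects only msg.sender and leaves the other balances intact.
    function claim() external inState(State.Resolved) {
        uint256 amount = s_owed[msg.sender];
        if (amount == 0) revert Escrow__NothingToClaim();
        s_owed[msg.sender] = 0;
        i_tokenContract.safeTransfer(msg.sender, amount);
        emit Claimed(msg.sender, amount);
    }
}
```

Two design notes. First, a blacklisted party still cannot withdraw its own share (USDC will reject the transfer to that address), but that is now confined to that party's balance instead of freezing everyone's funds. Second, claim() zeroes the balance before the external call, which is why the example omits the original's nonReentrant modifier; keeping it as defence in depth is equally reasonable.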
