40,000 USDC
Submission Details
Severity: gas
Valid

Use OpenZeppelin Minimal Clones to Save a Lot of Gas

Summary

Using clones, also known as minimal proxies, for deploying escrow contracts through the factory contract offers substantial gas savings. Clones are small and inexpensive smart contracts that delegate calls to an implementation contract, eliminating the need to deploy the entire contract repeatedly for each buyer. Instead, lightweight proxies are created, pointing to the shared contract logic. This approach reduces gas costs significantly, making the deployment process more efficient and cost-effective, especially when deploying multiple escrow contracts over time.

Vulnerability Details

Clones, also known as minimal proxies, are small and cost-effective smart contracts described in ERC-1167. They delegate all incoming calls to an implementation (template) contract that contains the required functionality. The address of this implementation contract is stored directly in the proxy's bytecode, eliminating the need for additional storage loads (SLOAD).

The use of clones can significantly reduce the gas cost of deploying Escrow contracts. Instead of deploying the entire Escrow contract with all its logic for each buyer, only a minimal proxy pointing to the escrow contract logic needs to be deployed. This proxy acts as a lightweight representative of the actual contract, efficiently delegating calls to the underlying implementation contract.

Impact

Saving a lot of gas in every Escrow contract deployment.

Tools Used

VSCode

Recommendations

To optimize the deployment process, the EscrowFactory.sol contract should be modified to employ OpenZeppelin clones, creating cost-effective versions instead of deploying the entire Escrow.sol logic for each instance.
Use the tutorial to learn how to work with minimal proxies / clones:
https://blog.openzeppelin.com/workshop-recap-cheap-contract-deployment-through-clones

FYI: You can use the cloneDeterministic and predictDeterministicAddress functions to predict the deployed escrow address before deploying it.
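
A sketch of the recommended factory, added here as an example and not taken from the audited code base: EscrowClone, EscrowCloneFactory, initialize, predictEscrow, newEscrow and the buyer/seller fields are hypothetical names standing in for Escrow.sol and EscrowFactory.sol. It shows the change clones force on the design: a proxy runs no constructor, so per-escrow values move into a one-time initializer that the factory calls in the same transaction as the deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";

// Hypothetical stand-in for Escrow.sol: a clone runs no constructor, so values
// that would be constructor arguments or immutables are set once in initialize().
contract EscrowClone {
    address public buyer;
    address public seller;
    bool private initialized;

    error AlreadyInitialized();

    // Lock the implementation itself so it can never be initialized directly.
    constructor() {
        initialized = true;
    }

    function initialize(address buyer_, address seller_) external {
        if (initialized) revert AlreadyInitialized();
        initialized = true;
        buyer = buyer_;
        seller = seller_;
    }
}

// Hypothetical factory: deploys the logic once, then an ERC-1167 proxy per escrow.
contract EscrowCloneFactory {
    address public immutable implementation;

    event EscrowCreated(address indexed escrow, address indexed buyer, address indexed seller);

    constructor() {
        implementation = address(new EscrowClone());
    }

    // Address a given salt will produce, computable before deployment.
    function predictEscrow(bytes32 salt) external view returns (address) {
        return Clones.predictDeterministicAddress(implementation, salt, address(this));
    }

    // Clone and initialize in one transaction so no one else can initialize first.
    function newEscrow(address seller, bytes32 salt) external returns (address escrow) {
        escrow = Clones.cloneDeterministic(implementation, salt);
        EscrowClone(escrow).initialize(msg.sender, seller);
        emit EscrowCreated(escrow, msg.sender, seller);
    }
}
```

In this sketch the salt alone fixes the address, so a factory whose users rely on the predicted address before deployment should derive the salt from the caller's address; otherwise any caller can deploy a clone at that address first. The deployment saving also comes with a small per-call cost, since every call to a clone goes through a delegatecall to the implementation.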
