Submission Details
Severity: medium

Escrow::confirmReceipt() can result in extra loss if deposit of the escrow is higher than the price

Summary

Because Escrow::confirmReceipt() transfers the whole deposit to the seller, the buyer can suffer an extra loss if the escrow's deposit is somehow higher than the price.

Vulnerability Details

function confirmReceipt() external onlyBuyer inState(State.Created) {
    ... ...
    i_tokenContract.safeTransfer(i_seller, i_tokenContract.balanceOf(address(this))); // --> Here, transfers the whole balance to the seller
}

Impact

If the deposit of the escrow is higher than the given price, the buyer will lose extra tokens.

Tools Used

Manual Review

Recommendations

I would suggest returning extra funds to the buyer.

function confirmReceipt() external onlyBuyer inState(State.Created) {
    ... ...
    uint256 totalBalance = i_tokenContract.balanceOf(address(this));
    i_tokenContract.safeTransfer(i_seller, i_price); // --> Here, transfers only given price amount to the seller
    if (totalBalance > i_price) {
        i_tokenContract.safeTransfer(i_buyer, totalBalance - i_price); // --> Here, transfers remaining funds back to the buyer
    }
}
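
The payout difference between the two versions above, as a small Python model added here (it is not the contest's Solidity code). The ledger class, the account names and the 100/130 amounts are constructed for illustration.

```python
"""Constructed model of the escrow payout, not the audited Solidity contract."""


class Ledger:
    """Minimal ERC20-style balance book; a transfer fails on insufficient funds."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def balance_of(self, account):
        return self.balances.get(account, 0)

    def transfer(self, sender, recipient, amount):
        if amount < 0 or self.balance_of(sender) < amount:
            raise ValueError("transfer amount exceeds balance")
        self.balances[sender] = self.balance_of(sender) - amount
        self.balances[recipient] = self.balance_of(recipient) + amount


def confirm_receipt_original(ledger, price):
    """Reported behaviour: the whole escrow balance goes to the seller."""
    ledger.transfer("escrow", "seller", ledger.balance_of("escrow"))


def confirm_receipt_recommended(ledger, price):
    """Recommended behaviour: seller gets the price, buyer gets the rest."""
    total = ledger.balance_of("escrow")
    ledger.transfer("escrow", "seller", price)
    if total > price:
        ledger.transfer("escrow", "buyer", total - price)


def settle(confirm, price, deposit):
    """Run one settlement; return (seller_gain, buyer_refund, escrow_left)."""
    ledger = Ledger({"escrow": deposit, "buyer": 0, "seller": 0})
    confirm(ledger, price)
    # Accounting check: settlement must neither create nor destroy tokens.
    assert sum(ledger.balances.values()) == deposit
    return (ledger.balance_of("seller"), ledger.balance_of("buyer"),
            ledger.balance_of("escrow"))


if __name__ == "__main__":
    PRICE, DEPOSIT = 100, 130  # constructed values: deposit exceeds price by 30
    for fn in (confirm_receipt_original, confirm_receipt_recommended):
        print(fn.__name__, settle(fn, PRICE, DEPOSIT))
```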
