Summary

An redundant error case is defined in the Escrow contract, resulting in more gas consumption without offering any significant value to the Escrow contract.

Vulnerability Details

Keeping in mind that a new escrow account is always created using Escrow Factory contract, first token transfer will happen and then creation of a new Escrow account. In a scenario where the user enters a zero address as tokenContract (0x0000000000000000000000000000000000000000, address(0)), the transaction is terminated and it always reverts with the error message, "Address: call to non-contract". Following error (if (address(tokenContract) == address(0)) revert Escrow__TokenZeroAddress();) verifies if the tokenContract address is non-zero. Given that the token transfer precedes the contract creation, the additional error check serves no purpose, does not provide any extra utility or security to the process and consumes additional gas during contract execution.

Impact

It decreases gas efficiency, leading to higher gas costs for transactions involving the contract.

Tools Used

1. VS Code

2. Hardhat

3. Remix

Recommendations

1. Consider relocating the error case related to tokenContract from the Escrow contract to the Escrow Factory contract.

2. Alternatively, remove the error case altogether. It saves an average of 500 gas.