40,000 USDC
Submission Details
Severity: medium

If the buyer executes a reorg attack, the seller would be cheated out of the funds

Summary

A reorg attack can happen if the buyer has enough validators or if the buyer gets lucky when the chain is reorged.

Vulnerability Details

The buyer executes the transaction that gives the funds and, meanwhile, the seller gives the audit report in the same block.
The buyer then reorgs the chain, causing the funds to never have been sent.
The buyer gains the audit report and still has the funds.
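
The sequence described above, modelled as an added example that is not part of the original submission: a constructed toy chain whose fork choice is "longest branch wins", a simplification of real consensus rules. The account names `buyer` and `escrow` and all amounts are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    sender: str
    recipient: str
    amount: int

@dataclass
class Block:
    parent: "Block | None"
    txs: tuple = ()

    @property
    def height(self):
        return 0 if self.parent is None else self.parent.height + 1

def chain(tip):
    """Blocks from genesis to tip on one branch."""
    out = []
    while tip is not None:
        out.append(tip)
        tip = tip.parent
    return out[::-1]

def balances(tip, genesis_alloc):
    """Replay every transaction on the branch ending at tip."""
    bal = dict(genesis_alloc)
    for block in chain(tip):
        for tx in block.txs:
            bal[tx.sender] -= tx.amount
            bal[tx.recipient] = bal.get(tx.recipient, 0) + tx.amount
    return bal

def confirmations(tx, tip):
    """Depth of tx on the branch ending at tip; 0 if the branch lacks it."""
    for block in chain(tip):
        if tx in block.txs:
            return tip.height - block.height + 1
    return 0

def simulate():
    alloc = {"buyer": 100, "escrow": 0}      # constructed sample state
    genesis = Block(None)
    pay = Tx("buyer", "escrow", 100)
    a1 = Block(genesis, (pay,))              # branch A includes the payment
    seen = confirmations(pay, a1)            # seller delivers the report here
    before = balances(a1, alloc)
    b2 = Block(Block(genesis))               # branch B: two blocks, no payment
    tip = max((a1, b2), key=lambda b: b.height)   # longer branch is canonical
    return seen, before, confirmations(pay, tip), balances(tip, alloc)
```

`simulate()` returns the payment's depth and balances as the seller saw them at delivery, followed by the same two values on the canonical branch after the reorg.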

Impact

If the escrow has an arbiter, the risk is mitigated, but the auditor won't get the tokens until the dispute is settled,
which can take n amount of time, during which the token price can drop, causing the auditor not to get paid the rate that was agreed upon.
If the escrow has no arbiter, the seller will lose their funds, which is a huge problem for protocols with no arbiter.
Reorg attacks happen on Polygon, mainnet and other chains, which increases the severity.

Tools Used

Recommendations

If the escrow has no arbiter, there is really no way of mitigating this issue.
If there is an arbiter, then maybe base the price on USD value or ETH value, something that is not as vulnerable as the token price.
