Token transfer has to be redirected through EscrowFactory without approving to the address that is newly created.
It might be challenging to pre-calculate the new Escrow contract address off-chain so it's difficult/less reliable than transferring token to EscrowFactory which is a static address.
When duplicated addresses are generated in EscrowFactory, the transaction will revert but the seller still has token approval to that duplicated address.
Seller funds might not be safe, also they have challenges depositing tokens to Escrow contract.
Manual Review
Seller approves tokens to EscrowFactory, and in newEscrow
function, it transfer tokens to EscrowFactory then to new Escrow contract.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.