CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

Submission Details

Severity: medium

Token transfer has to be redirected through EscrowFactory

Token transfer has to be redirected through EscrowFactory without approving to the address that is newly created.

It might be challenging to pre-calculate the new Escrow contract address off-chain so it's difficult/less reliable than transferring token to EscrowFactory which is a static address.
When duplicated addresses are generated in EscrowFactory, the transaction will revert but the seller still has token approval to that duplicated address.

Seller funds might not be safe, also they have challenges depositing tokens to Escrow contract.

Manual Review

Seller approves tokens to EscrowFactory, and in newEscrow function, it transfer tokens to EscrowFactory then to new Escrow contract.

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.