40,000 USDC
Submission Details
Severity: gas

Unnecessary revert

Summary

On line 44 of Escrow.sol, there is the following code:

if (tokenContract.balanceOf(address(this)) < price) revert Escrow__MustDeployWithTokenBalance();

Assuming all Escrow instances are deployed from the factory, this line is not relevant. The token balance check has already occurred on line 39 of EscrowFactory.sol:

tokenContract.safeTransferFrom(msg.sender, computedAddress, price);

The transferFrom function requires that the buyer has a high enough balance (and has approved the spending). If we assume the token is a legitimate, standard-following ERC20, then the balanceOf check is unnecessary. In any case, if the token is malicious, adding a balanceOf check solves nothing, as the malicious token can handle that case too.

Vulnerability Details

Gas optimization.

Impact

This line prevents a buyer from using a fee-on-transfer token as a payment.
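
The Summary and Impact claims above can be checked against a small model of the deployment flow. This is an added example, not code from the audited project: the Token class, deploy_escrow, outcome and the 1% fee are assumptions that only mimic ERC20 transferFrom/balanceOf semantics.

```python
class InsufficientBalance(Exception): pass
class InsufficientAllowance(Exception): pass
class MustDeployWithTokenBalance(Exception): pass

class Token:
    """Minimal ERC20-like ledger; fee_bps > 0 models a fee-on-transfer token."""
    def __init__(self, fee_bps=0):
        self.balances, self.allowances, self.fee_bps = {}, {}, fee_bps

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer_from(self, spender, src, dst, amount):
        # A standard token reverts here when balance or allowance is short.
        if self.balance_of(src) < amount:
            raise InsufficientBalance
        if self.allowances.get((src, spender), 0) < amount:
            raise InsufficientAllowance
        self.allowances[(src, spender)] -= amount
        self.balances[src] -= amount
        fee = amount * self.fee_bps // 10_000
        self.balances[dst] = self.balance_of(dst) + amount - fee

def deploy_escrow(token, buyer, price, constructor_check=True):
    """Factory flow: fund the precomputed address, then run the constructor."""
    escrow = "escrow"  # stands in for computedAddress
    token.transfer_from("factory", buyer, escrow, price)
    # Constructor-side check that the submission proposes removing.
    if constructor_check and token.balance_of(escrow) < price:
        raise MustDeployWithTokenBalance
    return token.balance_of(escrow)

def outcome(fee_bps, buyer_balance, price, constructor_check=True):
    """Run one deployment on a fresh ledger (constructed sample values).
    Returns the escrow balance, or the name of the error that reverted it."""
    token = Token(fee_bps)
    token.balances["buyer"] = buyer_balance
    token.allowances[("buyer", "factory")] = price
    try:
        return deploy_escrow(token, "buyer", price, constructor_check)
    except Exception as exc:
        return type(exc).__name__

if __name__ == "__main__":
    print("standard, funded:      ", outcome(0, 100, 100))
    print("standard, underfunded: ", outcome(0, 99, 100))
    print("1% fee, check kept:    ", outcome(100, 100, 100))
    print("1% fee, check removed: ", outcome(100, 100, 100, False))
```

With the check removed, the fee-on-transfer deployment succeeds but the escrow holds 99 against a price of 100.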

Tools Used

VS Code, Foundry

Recommendations

Remove line 44 of Escrow.sol:

if (tokenContract.balanceOf(address(this)) < price) revert Escrow__MustDeployWithTokenBalance();

and line 13 of IEscrow.sol:

error Escrow__MustDeployWithTokenBalance();
