CodeHawks Escrow Contract - Competition Details
Cyfrin
Foundry
40,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Arbiter can make fund stuck by providing blocklisted address when ERC20 with blacklist is used for payment

said

Summary

If payment token used ERC20 token that have blocklist address, arbiter can make buyer token stuck inside the contract.

Vulnerability Details

When buyer create escrow contract via factory and providing non-zero arbiterFee, if dispute is initiated by buyer or seller, it will allow arbiter to resolveDispute. However, if ERC20 token with blocklist is used and i_arbiter is blocklisted, token will stuck forever in the contract.

https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L125-L128

function resolveDispute(uint256 buyerAward) external onlyArbiter nonReentrant inState(State.Disputed) {
uint256 tokenBalance = i_tokenContract.balanceOf(address(this));
uint256 totalFee = buyerAward + i_arbiterFee; // Reverts on overflow
if (totalFee > tokenBalance) {
revert Escrow__TotalFeeExceedsBalance(tokenBalance, totalFee);
}
s_state = State.Resolved;
emit Resolved(i_buyer, i_seller);
if (buyerAward > 0) {
i_tokenContract.safeTransfer(i_buyer, buyerAward);
}
if (i_arbiterFee > 0) {
i_tokenContract.safeTransfer(i_arbiter, i_arbiterFee);
}
tokenBalance = i_tokenContract.balanceOf(address(this));
if (tokenBalance > 0) {
i_tokenContract.safeTransfer(i_seller, tokenBalance);
}
}

Impact

This will cause resolveDispute can't be called and make funds stuck in the contract.

Tools Used

Manual review

Recommendations

separate resolveDispute with claim funds to avoid seller or buyer funds stuck caused by this issue.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.