Submission Details
Severity: medium
Valid

Escrow doesn't support Fee-on-transfer (or Rebase) token

Summary

Escrow doesn't support Fee-on-transfer (or Rebase) token

Vulnerability Details

When creating an Escrow contract, the price argument passed to the constructor is the amount of the asset that the factory transfers to the precomputed Escrow address (line 39). Then, on line 40, the Escrow contract is deployed with the same price argument. Up to this point there is no apparent error.

File: EscrowFactory.sol
28: address computedAddress = computeEscrowAddress(
29: type(Escrow).creationCode,
30: address(this),
31: uint256(salt),
32: price,
33: tokenContract,
34: msg.sender,
35: seller,
36: arbiter,
37: arbiterFee
38: );
39: tokenContract.safeTransferFrom(msg.sender, computedAddress, price);
40: Escrow escrow = new Escrow{salt: salt}(
41: price,
42: tokenContract,
43: msg.sender,
44: seller,
45: arbiter,
46: arbiterFee
47: );

But when we look at the constructor in Escrow.sol, there is a check on the token balance:

File: Escrow.sol
32: constructor(
33: uint256 price,
34: IERC20 tokenContract,
35: address buyer,
36: address seller,
37: address arbiter,
38: uint256 arbiterFee
39: ) {
...
44: if (tokenContract.balanceOf(address(this)) < price) revert Escrow__MustDeployWithTokenBalance();
...
51: }

On line 44, the constructor checks the contract's token balance; if it is less than price, the deployment reverts.

This becomes an issue when the tokenContract (the asset held in escrow) is a Fee-on-transfer or Rebase token. The balance received will not equal the price; it can be less than the price because of the transfer fee or a rebase.

Thus, the Escrow contract does not work with Fee-on-transfer or Rebase tokens.

Impact

The Escrow contract does not work with Fee-on-transfer or Rebase tokens.

Tools Used

Manual analysis

Recommendations

Create a whitelist registry of assets that are allowed to be used in Escrow, so that Fee-on-transfer or Rebase tokens cannot be used.
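To make the failure in the Vulnerability Details and the whitelist recommendation concrete, here is an added example (not the project's code) that models the factory's transfer-then-deploy flow in Python. The Token, attempt and whitelist parameter are stand-ins and assumptions; the fee is burned from the transferred amount, which is one common fee-on-transfer behaviour.

```python
# Added example (not the project's code): Python stand-in for the EscrowFactory ->
# Escrow flow, showing the fee-on-transfer revert and the recommended whitelist check.

class EscrowMustDeployWithTokenBalance(Exception):
    """Stand-in for Escrow__MustDeployWithTokenBalance()."""

class AssetNotWhitelisted(Exception):
    """Hypothetical error for the recommended whitelist registry."""

class Token:
    """Minimal ERC20-like token; fee_bps > 0 makes it fee-on-transfer."""
    def __init__(self, name, fee_bps=0):
        self.name, self.fee_bps, self.balances = name, fee_bps, {}

    def mint(self, to, amount):
        self.balances[to] = self.balance_of(to) + amount

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer_from(self, sender, to, amount):
        # Sender is debited the full amount; the fee is burned, so the recipient
        # is credited less than `amount` whenever fee_bps > 0.
        if self.balance_of(sender) < amount:
            raise ValueError("insufficient balance")
        fee = amount * self.fee_bps // 10_000
        self.balances[sender] -= amount
        self.balances[to] = self.balance_of(to) + amount - fee

def deploy_escrow(token, price, buyer, escrow_addr, whitelist=None):
    """Mirrors EscrowFactory: optional whitelist check (recommended fix, hypothetical),
    transfer of `price` to the precomputed address, then the Escrow.sol line 44 check."""
    if whitelist is not None and token.name not in whitelist:
        raise AssetNotWhitelisted(token.name)
    token.transfer_from(buyer, escrow_addr, price)
    received = token.balance_of(escrow_addr)
    if received < price:
        raise EscrowMustDeployWithTokenBalance(received)
    return received

def attempt(fee_bps, price=1_000, whitelist=None):
    """Run one deployment on a fresh token and report the outcome as a string."""
    token = Token("FOT" if fee_bps else "PLAIN", fee_bps)
    token.mint("buyer", price)
    try:
        return f"deployed:{deploy_escrow(token, price, 'buyer', 'escrow', whitelist)}"
    except EscrowMustDeployWithTokenBalance as e:
        return f"revert:MustDeployWithTokenBalance:{e.args[0]}"
    except AssetNotWhitelisted as e:
        return f"revert:AssetNotWhitelisted:{e.args[0]}"
```

With a 1% fee the escrow address holds 990 of the 1000 it was charged for, so the constructor check reverts after the buyer's tokens have already moved; with the whitelist in place the fee-on-transfer asset is rejected before any transfer.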
