Submission Details
Severity: high

Wrong Argument Count in safeTransfer function Call

Summary

The safeTransfer call at L98, and 4 other instances, take 2 parameters instead of the 3 parameters that are standard according to the safeTransfer function in the OpenZeppelin library.

Vulnerability Details

From the OpenZeppelin library it can be confirmed that safeTransfer takes 3 parameters and not 2:
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol#L36

36. function safeTransfer(IERC20 token, address to, uint256 value) internal {
37.     _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
38. }

However, using L98 as a sample, what can be seen is two parameters:

98. i_tokenContract.safeTransfer(i_seller, i_tokenContract.balanceOf(address(this)));

This is also the case at L120, L123 and L127 of the Escrow.sol contract.

Impact

This would affect the all-round functionality of fund transactions in the Escrow contract, which would be a huge problem.

Tools Used

Solidity, Hardhat

Recommendations

Three parameters should be used and not two, unless the developer actually intended to use transfer() and not safeTransfer().
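The check a reviewer would run on this call shape, as an added example (not code from Escrow.sol, the submission, or OpenZeppelin): the two ways Solidity lets a contract call the three-parameter library function. The contract and variable names are hypothetical, and the example assumes the OpenZeppelin contracts package is installed and that a `using SafeERC20 for IERC20;` directive is in scope, which this page does not show for Escrow.sol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical contract for illustration; names are not taken from Escrow.sol.
contract ArityDemo {
    // Attaches SafeERC20's internal functions to values of type IERC20.
    // Assumption: the contract under review carries an equivalent directive.
    using SafeERC20 for IERC20;

    IERC20 private immutable i_token;
    address private immutable i_recipient;

    constructor(IERC20 token, address recipient) {
        i_token = token;
        i_recipient = recipient;
    }

    // Direct library call: all three parameters (token, to, value)
    // are written inside the parentheses.
    function payoutExplicit() external {
        SafeERC20.safeTransfer(i_token, i_recipient, i_token.balanceOf(address(this)));
    }

    // Member-style call: the receiver `i_token` is bound to the first
    // parameter (token), so only `to` and `value` appear in the parentheses.
    function payoutAttached() external {
        i_token.safeTransfer(i_recipient, i_token.balanceOf(address(this)));
    }
}
```

Without the `using` directive, the member-style call in `payoutAttached` does not compile, so the presence of that directive in the file is the first thing to confirm when counting arguments at a `safeTransfer` call site.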
