CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Seller might get overpaid

aamirusmani1552

Summary

When buyer calls confirmReceipt function, he transfer all of the token inside the contract to the Seller.

Vulnerability Details

There are two instances of it:

No checks are done to make sure that Seller would get only price that is set inside i_price variable.

function confirmReceipt() external onlyBuyer inState(State.Created) {

s_state = State.Confirmed;

emit Confirmed(i_seller);

i_tokenContract.safeTransfer(i_seller, i_tokenContract.balanceOf(address(this)));

}

In resolveDispute function

Impact

If some tokens are transferred to the contract mistakenly, then the seller would get all of the amount inside the contract.

Here is the link to test that proofs it:
test 1 : test 1 for confirmReceipt

test 2 : test 2 for resolveDispute

Tools Used

foundry tests

Recommendations

Instead of sending all tokens to the seller, send only i_price amount. Rest of the token should be transferred back to the buyer or any other address that fits the situation.

Here is the example:

for confirmReceipt: example
for resolveDispute: example

Here is the test:

For confirmReceipt: test
For resolveDispute: test

Prize pool breakdown

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.