CodeHawks Escrow Contract - Competition Details

Summary

The newEscrow function could be optimized to fail earlier on invalid inputs, saving users on gas costs in the event of a failed transaction.

Vulnerability Details

The newEscrow function in the EscrowFactory contract could be optimized to perform input validation earlier.

The following require statements could be checked earlier in the function:

- require(address(tokenContract) != address(0), "EscrowFactory: tokenContract must not be the zero address");
- require(seller != address(0), "EscrowFactory: seller must not be the zero address");
- require(arbiterFee < price, "EscrowFactory: arbiterFee must be less than price");

Currently, these checks are performed after several other operations, which means users will spend unnecessary gas when these conditions are not met.

Impact

Comparing the gas costs of failed transactions with and without the proposed changes shows a significant difference.

Without changes

![Screenshot 2023-08-01 at 8.41.40 PM.png](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/17fdbffb-b11e-4854-9770-4217fd209bff/Screenshot_2023-08-01_at_8.41.40_PM.png)

With changes

![Screenshot 2023-08-01 at 8.40.11 PM.png](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/95b0a027-8e7b-4583-bb81-3e9589dedf8b/Screenshot_2023-08-01_at_8.40.11_PM.png)

Tools Used

Manual analysis, Foundry

Recommendations

To avoid unnecessary gas costs for users, it is recommended to perform input validation earlier in the newEscrow function:

While this change will slightly increase the gas cost for successful transactions, it will have a much greater impact on reducing gas costs for failed transactions, benefiting the codebase as a whole.