Fee on transfer tokens will not be supported
Summary
The current implementation of the escrow contract does not support tokens that take a fee on transfer. This is because the contract checks if the balance of the contract is greater then the specified price parameter, which will not be the case for tokens that deduct a fee on transfer.
While this is not an issue at the present time, as many widely-used tokens do not charge a fee, it could become a significant constraint in the future. If popular tokens (such as USDT and USDC) decide to implement a transfer fee, the protocol's regular usability would be severely limited. Consequently, the protocol's user base could be greatly reduced.
Vulnerability Details
In the escrow contracts constructor, a check is performed to ensure that the balance of the escrow contract matches or is greater then the specified price. However, for tokens that deduct a fee on transfer, the balance will be less than the price, causing the function to revert. This effectively means that tokens which employ a transfer fee cannot be used with the current contract implementation.
Impact
It will not be possible to use fee on transfer tokens regularly within the protocol
Tools Used
Manual analysis
Recommendations
To address this issue, you could modify the contract to accommodate fee-on-transfer tokens.
Alternatively, If accommodating fee-on-transfer tokens is not a priority, it would be helpful to clearly document this limitation in the contract comments and any user-facing documentation.
One work around on the user side would be to have them send extra tokens to the precomputed address before calling the newEscrow function
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.