CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Arbiter Address

Qiezie

Summary

Funds could be frozen

Vulnerability Detail

need to check if the arbiter address is not 0. if the arbiter address is 0 then resolveDispute or initiateDispute
function will be inaccessible, because of onlyArbiter modifier.

buyer creates Escrow contract with 0 address arbiter (human make mistakes), and transfer tokens to it.
now the buyer Dispute with seller.
buyer tries to execute initiateDispute function.
it will fail because address == 0 now the funds are frozen in the contract.

Impact

funds are lost because there is not way to restore buyer's funds.

Code Snippet

Tool used

Manual Review

Recommendation

add arbiter 0 address check in constructor.

Prize pool breakdown

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.