Submission Details
Severity: medium

Price should not be less than arbiterFee

Summary

There is no check that arbiterFee does not exceed price. This can lead to scenarios where funds get stuck in the escrow contract.

Vulnerability Details

arbiterFee is set by the buyer. If a buyer mistakenly sets arbiterFee higher than the price, the following may happen:

  1. The seller notices the issue and abstains from delivery.

  2. The buyer calls the initiateDispute function in the Escrow.sol contract to get the funds back.

  3. The arbiter calls the resolveDispute function to resolve the issue, but because the contract's balance (price) is less than arbiterFee, the function call reverts.

    /// @inheritdoc IEscrow
    function resolveDispute(uint256 buyerAward) external onlyArbiter nonReentrant inState(State.Disputed) {
        uint256 tokenBalance = i_tokenContract.balanceOf(address(this)); // <-- This means the price of the service
        uint256 totalFee = buyerAward + i_arbiterFee; // Reverts on overflow
        if (totalFee > tokenBalance) {
            revert Escrow__TotalFeeExceedsBalance(tokenBalance, totalFee);
        }
        s_state = State.Resolved;
        emit Resolved(i_buyer, i_seller);
        if (buyerAward > 0) {
            i_tokenContract.safeTransfer(i_buyer, buyerAward);
        }
        if (i_arbiterFee > 0) {
            i_tokenContract.safeTransfer(i_arbiter, i_arbiterFee); // <-- reverts here as the arbiterFee is larger than the tokenBalance
        }
        tokenBalance = i_tokenContract.balanceOf(address(this));
        if (tokenBalance > 0) {
            i_tokenContract.safeTransfer(i_seller, tokenBalance);
        }
    }

Funds will get stuck in the contract.

Impact

Frozen funds

Tools Used

Manual review

Recommendations

Consider adding this check:

require(price > arbiterFee, "arbiter fee cannot exceed price");
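
The scenario above as a small Python model, added here as an illustration and not taken from the contest's code: it mirrors the accounting in resolveDispute and tries every possible buyerAward, with and without the recommended check. The names `create_escrow`, `resolve_dispute` and `resolvable_awards` and the sample amounts are constructed, and the model assumes the escrow holds exactly `price` tokens when the dispute is resolved.

```python
# Added model of the escrow accounting (not the contest's Solidity).
# Assumption: the escrow holds exactly `price` tokens when the dispute is resolved.

class Revert(Exception):
    """Stands in for a Solidity revert."""


def create_escrow(price, arbiter_fee, checked):
    """Return the escrow's token balance; `checked` applies the recommended guard."""
    if checked and not price > arbiter_fee:
        raise Revert("arbiter fee cannot exceed price")
    return price


def resolve_dispute(balance, arbiter_fee, buyer_award):
    """Mirror resolveDispute: return (buyer, arbiter, seller) payouts or revert."""
    total_fee = buyer_award + arbiter_fee
    if total_fee > balance:
        raise Revert("Escrow__TotalFeeExceedsBalance")
    return buyer_award, arbiter_fee, balance - total_fee


def resolvable_awards(balance, arbiter_fee):
    """Every buyerAward for which resolveDispute succeeds.

    Awards above `balance` always revert, so 0..balance covers all cases.
    """
    ok = []
    for award in range(balance + 1):
        try:
            resolve_dispute(balance, arbiter_fee, award)
            ok.append(award)
        except Revert:
            pass
    return ok


if __name__ == "__main__":
    # Constructed values: price 100, arbiterFee 150 (the buyer's mistake).
    stuck = create_escrow(100, 150, checked=False)
    print("unchecked, awards that resolve:", resolvable_awards(stuck, 150))
    try:
        create_escrow(100, 150, checked=True)
    except Revert as exc:
        print("checked, creation rejected:", exc)
    print("price 100, fee 30:", len(resolvable_awards(100, 30)), "valid awards")
```

With the fee above the balance, the list of awards that resolve is empty, so no choice by the arbiter can move the escrow out of the Disputed state; with the guard in place the misconfigured escrow is rejected at creation instead.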
