Summary

The current implementation of the contract emit the event Resolved(address indexed buyer, address indexed seller); event.

While there's no harm to logging this information, the event could add (or replace) some other more meaningful information:

• tokenDistributed: the total amount of tokens distributed is not i_price but i_tokenContract.balanceOf(address(this))

• buyerAward: the amount of tokens distributed to the buyer

• arbiterAward: the amount of tokens distributed to arbiter (just for sake of completeness)

• sellerAward: the amount of tokens distributed to seller (balance - i_arbiterFee - buyerAward)

Vulnerability Details

The current implementation of the contract emit the event Resolved(address indexed buyer, address indexed seller); event.

While there's no harm to logging this information the event could add (or replace) some other more meaningful information:

• tokenDistributed: the total amount of tokens distributed is not i_price but i_tokenContract.balanceOf(address(this))

• buyerAward: the amount of tokens distributed to the buyer

• arbiterAward: the amount of tokens distributed to arbiter (just for sake of completeness)

• sellerAward: the amount of tokens distributed to seller (balance - i_arbiterFee - buyerAward)

Impact

Better DX for external dApps/monitoring tools

Tools Used

Manual

Recommendations

The client should consider refactoring the Resolved event

• buyer and seller could be removed because they can be extracted by querying directly the contract (those are immutable values)

• totalDistributed, buyerAward and sellerAward can be added to track the final distribution of the total amount of token owned by the Escrow contract. For completeness the arbiterAward could be added to the event, but it could be omitted given that it's an immutable value of the contract itself and can be retrieved by querying it when needed