Submission Details
Severity: medium

It is possible for the buyer to `extort` the seller to lower the price

Summary

In Escrow.sol we have confirmReceipt() and initiateDispute():

    function confirmReceipt() external onlyBuyer inState(State.Created) {
        s_state = State.Confirmed;
        emit Confirmed(i_seller);
        i_tokenContract.safeTransfer(i_seller, i_tokenContract.balanceOf(address(this)));
    }

    function initiateDispute() external onlyBuyerOrSeller inState(State.Created) {
        if (i_arbiter == address(0)) revert Escrow__DisputeRequiresArbiter();
        s_state = State.Disputed;
        emit Disputed(msg.sender);
    }

The confirmReceipt() function allows the buyer to confirm that all is well and that the seller has fulfilled his obligations.
The initiateDispute() function allows either the buyer or the seller to initiate a dispute if they believe the terms of the agreement have not been met.

This gives the buyer a way to test "for free" how far the seller is willing to reduce the price.

Vulnerability Details

A buyer can repeatedly try to lower the price and pay less for the audit. He does this by watching the mempool to see whether the seller calls initiateDispute() when they disagree.

For example:

  • They agreed on $10,000

  • The buyer tries to reduce by $1000 and succeeds.

  • He then tries another $500, but the seller is unwilling and decides to call initiateDispute().

  • The buyer sees the transaction in the mempool and immediately front-runs it with a call to confirmReceipt(), as he has already lowered the price by $1000.

The buyer can do this repeatedly and reduce the price to the seller's tolerance threshold.
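
The race described above exists because both functions are gated on State.Created, so whichever transaction is ordered first wins and the other reverts. The Python model below is an added example, not code from Escrow.sol or from this submission; the class and function names, the party labels and the 10,000-token balance are constructed for illustration.

```python
from enum import Enum

class State(Enum):
    CREATED, CONFIRMED, DISPUTED = range(3)

class Revert(Exception):
    """Models a reverted transaction."""

class EscrowModel:
    """Constructed model of the two quoted functions; not the real contract."""
    def __init__(self, buyer, seller, arbiter, balance):
        self.buyer, self.seller, self.arbiter = buyer, seller, arbiter
        self.balance = balance      # tokens held by the escrow
        self.seller_paid = 0        # tokens released to the seller
        self.state = State.CREATED

    def _in_state(self, expected):  # mirrors the inState modifier
        if self.state is not expected:
            raise Revert(f"wrong state: {self.state.name}")

    def confirm_receipt(self, sender):
        if sender != self.buyer:
            raise Revert("only buyer")
        self._in_state(State.CREATED)
        self.state = State.CONFIRMED
        self.seller_paid, self.balance = self.seller_paid + self.balance, 0

    def initiate_dispute(self, sender):
        if sender not in (self.buyer, self.seller):
            raise Revert("only buyer or seller")
        self._in_state(State.CREATED)
        if self.arbiter is None:
            raise Revert("dispute requires arbiter")
        self.state = State.DISPUTED

def run_block(ordered_txs, balance=10_000):
    """Apply (sender, function) pairs in block order on a fresh escrow."""
    escrow = EscrowModel("buyer", "seller", "arbiter", balance)
    results = []
    for sender, fn in ordered_txs:
        try:
            getattr(escrow, fn)(sender)
            results.append("ok")
        except Revert as exc:
            results.append(f"revert: {exc}")
    return escrow.state, results, escrow.seller_paid
```

With the seller's initiate_dispute ordered first the model ends in DISPUTED with nothing released; with the buyer's confirm_receipt ordered first the seller's call reverts and the full balance is released.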

Impact

The seller (auditor) will lose funds.

Tools Used

Manual Review

Recommendations

This is very difficult to prevent and I personally can't think of how to do it.
