40,000 USDC
Submission Details
Severity: gas
Valid

Quality Assurance

1. TYPOS IN THE Natspec COMMENTS

/// @dev Throws if `contract` called in State other than one associated for `function`.

The above Natspec comment should be updated as follows:
/// @dev Throws if function called in State other than one associated for contract.

https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L81

/// Therefore, careful consideration should be taken when `chosing` the token.

The above Natspec comment should be updated as follows:
/// Therefore, careful consideration should be taken when choosing the token.

https://github.com/Cyfrin/2023-07-escrow/blob/main/src/EscrowFactory.sol#L19

2. RECOMMENDED TO ASK THE buyer AND seller TO MAKE THE arbiter A MULTISIG CONTRACT

Since the arbiter is a single point of failure (centralization risk), it is recommended to create a multisig contract and make it the arbiter address. The buyer and seller should be notified of this fact.

If the arbiter is an EOA and its private key is compromised during dispute resolution, or if the arbiter avoids contact with the buyer or seller off-chain, the Escrow funds will be locked in the contract. To mitigate this centralization risk, it is recommended to inform the buyer and seller to use a multisig as the arbiter.

https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L49
https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L109
