Visibility of the salt parameter.
The salt in the newEscrow function is visible. This means that any user or contract that can call the newEscrow function can also see the value of the salt used. This could allow an attacker to track the creation of new escrow contracts and exploit vulnerabilities in the escrow contracts.
The visibility of the salt could allow an attacker to track the creation of new escrow contracts and attempt targeted DoS or exploit activity.
Slither, Remix
Generate the salt randomly; Chainlink VRF is a good solution.