40,000 USDC
Submission Details
Severity: low

Visibility of the salt variable.

Summary

Visibility of the salt parameter.

Vulnerability Details

The salt in the newEscrow function is visible. This means that any user or contract that can call the newEscrow function can also see the value of the salt used. This could allow an attacker to track the creation of new escrow contracts and exploit vulnerabilities in the escrow contracts.

Impact

The visibility of the salt could allow an attacker to track the creation of new escrow contracts and attempt targeted DoS or exploit activity.

Tools Used

Slither, Remix

Recommendations

Generate the salt randomly; Chainlink VRF is a good solution.
