CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Escrow#initiateDispute - Does not check if the escrow Exists or not

victorygod

Summary

lack of a check for the existence of the escrow before initiating a dispute.

Vulnerability Details

Currently, there is no check implemented to verify the existence of the escrow before initiating a dispute. This means that anyone can call the initiateDispute function on any address, regardless of whether it represents a valid escrow or not.

Impact

Unauthorized disputes: Without the existence check, anyone can initiate a dispute on any address, even if it does not represent a valid escrow. This can lead to unauthorized disputes and unnecessary conflicts between parties.

Tools Used

Manual Analysis

Recommendations

Add a check in the initiateDispute function to verify the existence of the escrow before allowing the dispute to be initiated. This can be done by checking the state of the escrow or maintaining a mapping of valid escrow addresses.

Prize pool breakdown

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.