CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

View results

Previous Next

Submission Details

Severity: high

#Escrow - Dispute once initiated can not be cancelled

victorygod

Summary

addition of a cancelDispute mechanism
This mechanism allows the initiator of a dispute to cancel the dispute process under certain conditions

Vulnerability Details

Without this mechanism, parties involved in a dispute would not have the ability to cancel the dispute process once initiated. This can lead to unnecessary conflicts and delays if parties reach a resolution or decide to withdraw the dispute before it is resolved.

Impact

Inflexibility: Parties involved in a dispute would not have the ability to cancel the dispute process if they reach a resolution or decide to withdraw the dispute. This lack of flexibility can lead to unnecessary conflicts and delays in the escrow process.
Frustration and dissatisfaction: Users of the escrow contract may become frustrated if they are unable to cancel a dispute when they no longer wish to pursue it. This can result in dissatisfaction with the escrow system and potentially discourage users from utilizing it in the future.

Tools Used

Recommendations

Implement the cancelDispute mechanism: Add the cancelDispute function to the Escrow contract to allow the initiator of a dispute to cancel the dispute process under certain conditions. This function should include checks and validations to ensure that the cancellation is authorized and valid.

function cancelDispute(

bytes32 _tradeRecordId,

address _seller,

address _buyer,

uint _expireAtBlock,

uint _salt,

bytes _signature

)

external

onlyRelay

returns (uint)

{

// Include the implementation of the cancelDispute function here

// Make sure to validate the cancellation and update the necessary state variables

// Add appropriate require statements and checks to ensure the cancellation is authorized and valid

// Emit events or update the necessary state to reflect the cancellation

// Example implementation:

require(_getEscrowExists(_escrowHash), "DISPUTED_ESCROW_SHOULD_EXIST");

require(_getEscrowDisputed(_escrowHash), "DISPUTED_ESCROW_SHOULD_BE_DISPUTED");

// Additional checks and validations

// Perform necessary state updates and emit events

return OK;

}

Consider the requirements and conditions for cancellation: Define the specific requirements and conditions under which a dispute can be canceled. This may include verifying the signatures of the initiator, checking the escrow's disputed state, and ensuring the cancellation request is made within a certain timeframe.

Prize pool breakdown

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.