CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

the emergency receive should be implemented to seller to send seller funds if buyer never response due to some unwished things.

avci

Summary

the emergency receives should be implemented for the seller to send the seller funds if the buyer never responds.

Vulnerability Details

in the escrow.sol contract we have ConfirmReciept which is for the buyer to confirm the receipt.
let's think of a scenario in which the seller gives the audit to the buyer and at the end, the buyer cannot confirm the recipe due to losing access to their wallet, if a bad thing happens to the buyer, and simply could not confirm receipt and...

function confirmReceipt() external onlyBuyer inState(State.Created) {

s_state = State.Confirmed;

emit Confirmed(i_seller);

i_tokenContract.safeTransfer(i_seller, i_tokenContract.balanceOf(address(this)));

}

Impact

the seller will lose money because an audit was sent to the buyer but now the buyer cannot anymore confirm the receipt.

Tools Used

manually/ vs code

Recommendations

the emergency receives should be implemented for the seller with like deadline logic which buyer should set in newEscrow, for example, 1month 2 month for seller or arbiter

Prize pool breakdown

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.