CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

Submission Details

Severity: medium

Valid

Funds will be locked if buyer or seller get into an accident and there’s no arbiter set because both seller and buyer trust each other

The contract allows for address(0) arbiter

https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L49

However, in case of an accident happening to buyer or seller the funds will be locked with no way to recover.

https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L103

Mitigation:

Always set a valid arbiter

Implement a new role which can set an arbiter/transfer funds

Implement a claim with a deadline. If no challenge before deadline transfer the funds to the claimer.

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.