Submission Details
Severity:
Incorrect modifier
Summary
In escrow.sol, the following code will not work as expected
/// @dev Throws if called by any account other than buyer or seller.
modifier onlyBuyerOrSeller() {
if (msg.sender != i_buyer && msg.sender != i_seller) {
revert Escrow__OnlyBuyerOrSeller();
}
_;
}
Vulnerability Details
When for instance a valid seller tries to initiate a dispute, he will not be able to so successfully
Impact
The seller cannot initiate dispute and buyer can refuse to pay for work done.
Tools Used
Manual review
Recommendations
The following can be used
/// @dev Throws if called by any account other than buyer or seller.
modifier onlyBuyerOrSeller() {
if (msg.sender != i_buyer || msg.sender != i_seller) {
revert Escrow__OnlyBuyerOrSeller();
}
_;
}
Prize pool breakdown
Total prize
40,000 USDC
nSLOC
186215 USDC / LOC
37,000 USDC
3,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.