CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

Submission Details

Severity: high

No address(0) check for arbiter

There is no address(0) check in the constructor of Escrow.sol

The buyer can put address(0) as the arbiter when deploying a contract EscrowFactory.sol

The dispute resolution process will not be able to take place since there is no valid arbiter thereby making funds get stuck in the contract.

Manual review

Include the following in the constructor of Escrow.sol.

if (arbiter == address(0)) revert Escrow__ArbiterZeroAddress();

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.