CodeHawks Escrow Contract - Competition Details
Cyfrin
Foundry
40,000 USDC
Public
Jul 24th, 2023 → Aug 5th, 2023
873 / 873
Submissions
Severity
Validity
Tags
Author
#1
All assets can be stuck if arbiter happens to have his address blacklisted during dispute state
Medium
-
yixxas
#2
Arbiter logic can lead to locked funds
Medium
-
Cosine
#3
"The Dispute" Feature fails if no arbiter is set
Medium
-
BountyHunt3r
#4
Buyer and arbiter can rug pull
High
-
BountyHunt3r
#5
Buyer and arbiter can rug pull
High
-
BountyHunt3r
#6
Funds being stuck when Arbiter is stuck
High
-
cem
#7
Gas Optimizations finding
Gas
-
Bnke0x0
#8
Low Risk Low Risk & Non-Critical Issues
Low
-
Bnke0x0
#9
Low Risk and Non-Critical finding
Low
-
Bnke0x0
#10
Parameters should be checked inside the factory contract
Gas
-
Cosine
#11
Considerations
Gas
-
Plamen Tsanev
#12
Denial of Service state when attempting to create Escrow with 0 price and 0 fee
Low
-
Bad
#13
Escrow.sol - certain token types can cause issues to transfer functionality
Medium
-
Plamen Tsanev
#14
Manually calculate remaining tokens instead of token.balanceOf() call
Gas
-
Bad
#15
Gas Optimizations
Gas
-
Mlome
#16
Buyer can always frontrun & grief Seller by always initiating dispute
High
-
n1punp
#17
The Seller can collude with the Arbiter to resolve dispute dishonestly (Buyer can get 0)
High
-
n1punp
#18
Buyer can collude with Arbiter so Seller get nothing (0)
High
-
n1punp
#19
Seller can grief the Buyer (to pay arbiterFee even if no work is done)
High
-
n1punp
#20
Denial of Service state in the event that arbiter loses wallet access
High
-
Bad
#21
Escrow does not support Fee-on-transfer tokens
Medium
-
carrotsmuggler
#22
Check price != 0 before interacting with IERC20
Gas
-
Bad
#23
Buyer can blacklist themselves to prevent payout
Medium
-
carrotsmuggler
#24
Seller can provide blacklisted address to hold Buyer hostage
High
-
carrotsmuggler
#25
Fixed `i_arbiterFee` can prevent payment
Medium
-
0xdeadbeef
#26
>0 can be replaced by !=0 to save a bit of gas
Gas
-
Stoicov
#27
Constructor of Escrow.sol could be marked payable to save gas
Gas
-
Stoicov
#28
No fallback mechanism for unresolved disputes - lead to loss of funds
High
-
0xdeadbeef
#29
no address(0) check for arbiter address
Medium
-
serverConnected
#30
No check if arbiter is the same address as the seller
Low
-
Draiakoo