Summary

A Denial of Service (DoS) vulnerability was identified in the escrow contract's depositIntoEscrow function. The function fails to handle scenarios where a large number of ERC721 tokens are deposited into escrow, leading to potential resource exhaustion and contract failure.

Vulnerability Details

The vulnerability arises when an attacker attempts to deposit a large number of ERC721 tokens into the escrow contract in a single transaction. The contract does not impose any limit on the number of tokens that can be deposited at once, resulting in the contract trying to process all tokens simultaneously. This leads to excessive gas consumption, which can easily exceed the block gas limit.

Impact

This vulnerability allows an attacker to disrupt the functionality of the escrow contract by depositing an excessively large number of ERC721 tokens, leading to transaction reversion and potential contract unavailability. This could lock assets in the contract or prevent further interactions until the issue is resolved.

Tools Used

Manual Review

Proof of Concept (PoC)

Recommendations

• Implement a Limit on Deposits: Introduce a maximum limit on the number of tokens that can be deposited into escrow in a single transaction. This will prevent excessive gas consumption and reduce the risk of hitting the block gas limit.

• Batch Processing: Consider implementing a batch processing mechanism where large numbers of tokens are processed in smaller batches over multiple transactions, ensuring that each transaction stays within the gas limit.