Cyfrin / 2023-07-escrow


Lack of Input Validation - Price Parameter #843

Open codehawks-bot opened 11 months ago

codehawks-bot commented 11 months ago

Lack of Input Validation - Price Parameter

Severity

Medium Risk

Summary

Lack of Input Validation - Price Parameter

Vulnerability Details

In the EscrowFactory.newEscrow() and/or Escrow.constructor() function, there is a lack of validation for whether the price is zero. A zero price does not make sense in an escrow transaction and could indicate an error on the part of the caller.

Impact

This could lead to the creation of escrow contracts with no value, wasting gas and potentially leading to confusion or errors in subsequent interactions with the contract.

Tools Used

Manual Review

Recommendations

Ensure that the price provided to the EscrowFactory.newEscrow() and/or Escrow.constructor() function is not zero.

0kage-eth commented 11 months ago

Seller will not agree to a 0 price contract. Price cannot be changed because it's immutable.

PatrickAlphaC commented 10 months ago

Only reopening because there is an issue with 0 value transfers reverting. I think this one missed the mark but I'll give it to them.
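
An added sketch, not the Cyfrin escrow code and not written by anyone in this thread, of the constructor check the report recommends together with a guard for the zero-value-transfer case mentioned in the last comment. The contract, error and function names are hypothetical, and the token is assumed to return a bool from `transfer`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Illustration only: hypothetical names, not the audited contracts.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract EscrowSketch {
    error ZeroPrice();
    error ZeroAddress();
    error Underfunded(uint256 balance, uint256 price);
    error NotBuyer();
    error AlreadySettled();
    error TransferFailed();

    uint256 public immutable price; // fixed at deployment, so it can only be validated here
    IERC20Like public immutable token;
    address public immutable buyer;
    address public immutable seller;
    bool public settled;

    constructor(uint256 price_, IERC20Like token_, address buyer_, address seller_) {
        if (price_ == 0) revert ZeroPrice();
        if (address(token_) == address(0) || buyer_ == address(0) || seller_ == address(0)) {
            revert ZeroAddress();
        }
        price = price_;
        token = token_;
        buyer = buyer_;
        seller = seller_;
    }

    // Buyer releases the funds; any balance above `price` is returned to the buyer.
    function confirmReceipt() external {
        if (msg.sender != buyer) revert NotBuyer();
        if (settled) revert AlreadySettled();
        uint256 balance = token.balanceOf(address(this));
        if (balance < price) revert Underfunded(balance, price);
        settled = true; // state change before external calls
        _send(seller, price);
        _send(buyer, balance - price); // frequently zero
    }

    // Some ERC-20 tokens revert on zero-value transfers, so those are skipped.
    function _send(address to, uint256 amount) private {
        if (amount == 0) return;
        if (!token.transfer(to, amount)) revert TransferFailed();
    }
}
```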