Open codehawks-bot opened 11 months ago
Seller will not agree to a 0 price contract. Price cannot be changed because its immutable.
Only reopening because there is an issue with 0 value transfers reverting. I think this one missed the mark but I'll give it to them.
Lack of Input Validation - Price Parameter
Severity
Medium Risk
Summary
Lack of Input Validation - Price Parameter
Vulnerability Details
In the EscrowFactory.newEscrow() and or Escrow.constructor() function, there is a lack of validation for whether the price is zero. A zero price does not make sense in an escrow transaction and could indicate an error on the part of the caller.
Impact
This could lead to the creation of escrow contracts with no value, wasting gas and potentially leading to confusion or errors in subsequent interactions with the contract.
Tools Used
Manual Review
Recommendations
Ensure that the price provided to the EscrowFactory.newEscrow() and or Escrow.constructor() function is not zero.