Since the escrow contract is open to use, it may allow any token during the escrow process, in some extreme case that if the token take extra fee from the event, for example, if user send 100 tokens to others, it will actually send 100 + fee.
Impact
The escrow may DoS at the dispute stage
Tools Used
Manual
Recommendations
It need to adjust the validation based on the fee mode of the token:
Incompatible with some deflationary token
Severity
Gas Optimization / Informational
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-escrow/blob/65a60eb0773803fa0be4ba72defaec7d8567bccc/src/Escrow.sol#L109C1-L110C73
Summary
Incompatible with some deflationary token
Vulnerability Details
Since the escrow contract is open to use, it may allow any token during the escrow process, in some extreme case that if the token take extra fee from the event, for example, if user send 100 tokens to others, it will actually send 100 + fee.
Impact
The escrow may DoS at the dispute stage
Tools Used
Manual
Recommendations
It need to adjust the validation based on the fee mode of the token: