i_price should be used over i_tokenContract.balanceOf(address(this))
Vulnerability Details
When the escrow contract is created, the seller should only receive i_price tokens (if there was no arbiter involved).
But in the confirmReceipt() method, the seller is sent i_tokenContract.balanceOf(address(this)) tokens, which could be more or less than i_price.
Impact
The seller can be paid less or more than agreed if the contract's token balance is different than i_price.
Tools Used
Manual Code Review
Recommendations
i_price should be used over i_tokenContract.balanceOf(address(this)) when paying the amount to the seller.
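A simplified sketch of the two payout patterns, added here as an example and not taken from Escrow.sol. Only i_price, i_tokenContract and confirmReceipt() come from the finding; the contract name, the remaining state variables, the access checks and the two function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal ERC-20 surface needed by this sketch.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract: i_price, i_tokenContract and confirmReceipt() are
// names from the finding; every other name here is an assumption.
contract EscrowSketch {
    error OnlyBuyer();
    error AlreadyConfirmed();
    error TransferFailed();

    uint256 private immutable i_price;
    IERC20 private immutable i_tokenContract;
    address private immutable i_buyer;
    address private immutable i_seller;
    bool private s_confirmed;

    constructor(uint256 price, IERC20 tokenContract, address buyer, address seller) {
        i_price = price;
        i_tokenContract = tokenContract;
        i_buyer = buyer;
        i_seller = seller;
    }

    // Pattern described in the finding: the payout tracks the live balance,
    // so it differs from i_price whenever the balance does.
    function confirmReceiptBalanceBased() external {
        _markConfirmed();
        uint256 amount = i_tokenContract.balanceOf(address(this));
        if (!i_tokenContract.transfer(i_seller, amount)) revert TransferFailed();
    }

    // Recommended form: pay exactly i_price. With a standard token, a balance
    // below i_price makes the transfer fail instead of silently underpaying.
    function confirmReceiptFixedPrice() external {
        _markConfirmed();
        if (!i_tokenContract.transfer(i_seller, i_price)) revert TransferFailed();
    }

    // Buyer-only, single-use guard shared by both variants.
    function _markConfirmed() private {
        if (msg.sender != i_buyer) revert OnlyBuyer();
        if (s_confirmed) revert AlreadyConfirmed();
        s_confirmed = true;
    }
}
```

With the fixed-price form, any balance above i_price stays in the contract after the payout, so the surplus needs its own handling.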
Severity
Medium Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L98