PatrickAlphaC
commented
11 months ago Closing. This isn't an issue with this smart contract but a potential issue with a periphery contract if such a contract was created.
Closed codehawks-bot closed 11 months ago
PatrickAlphaC
commented
11 months ago Closing. This isn't an issue with this smart contract but a potential issue with a periphery contract if such a contract was created.
Seller can increase the successful amount of confirmed Escrow
Severity
High Risk
Summary
Seller can increase his credit by self-deployed an Escrow contract with the buyer address is in seller's control
Vulnerability Details
Since there is no price minimum for an Escrow, seller can create many escrow and mark the Escrow as confirmed to increase his position if there is any leaderboard in the future. See https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L32, it has no minimum price check.
Impact
Seller can maliciously increase his confidence among other in the list.
Tools Used
Manual
Recommendations