fulldecent
commented
4 years ago I am trying to understand this. Regarding: https://github.com/erasureprotocol/erasure-protocol/blob/c716c17a080ac7817312ab57ec4b1c60aa867f19/contracts/escrows/CountdownGriefingEscrow.sol
The scenario here is:
- Operator creates the
CountdownGriefingEscrowcontract and initializes with:seller=address(0)operator≠address(0)
- Operator deposits stake using
depositStake- Documentation states "if
sellernot already set, makemsg.sendertheseller" selleris not changed- Tokens are attributed to
sellerwhich is stilladdress(0)
- Documentation states "if
- Nobody can get tokens that are attributed to
address(0)
Design issues:
- If a contract is initialized where the seller is open-ended then the contracts fails if the operator acts as a seller.
- There is no way for an operator to set the seller for the contract if it was not set at initialization.
- The contract works properly if the sender on an open-ended contract deposits stake by itself.
Design questions:
- Is it desired that an operator will be able to set the sender if the contract was initialized without a sender?
Is this a vulnerability?:
- We need to see the contract implementation for the intended operator contract to decide.
- If the operator contract wants to set the sender for a contract that was initialized without a sender then then this is a vulnerability.
Remediation:
- At a minimum, for safety, prevent operator from acting as seller in the current implementation.
- This can be done in below here
- OR review the functionality of the operator implementation to make sure it is not used in this way.
- If it is desired that operator can set the
sellerat a time after contract initialization, then this must be added as a new public function.
thegostep
The escrow contract can lead to stuck tokens if the operator deposits the stake when there is no staker set. The tokens become stuck once the tokens are transfered to the agreement contract since the zero address is set as the staker.