escrow contract #894
Open
escrow contract #894
+830
−10
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
contracts/escrow/Escrow.sol
Outdated
Comment on lines
334
to
386
| function cancelExpiredLocks(uint256 jobId,address token,address payer,address payee) public{ | ||
| uint256 index; | ||
| //since solidy does not supports dynamic arrays, we need to count first | ||
| uint256 found=0; | ||
| for(index=0;index<locks.length;index++){ | ||
| if(locks[index].expiry<block.timestamp && | ||
| ( | ||
| (jobId==0 || jobId==locks[index].jobId) && | ||
| (token==address(0) || token==locks[index].token) && | ||
| (payer==address(0) || payer==locks[index].payer) && | ||
| (payee==address(0) || payee==locks[index].payee) | ||
| ) | ||
| ){ | ||
| found++; | ||
| } | ||
| } | ||
| // bail out if we don't have any expired matching locks | ||
| if(found==0) return; | ||
| uint256[] memory indexToDelete=new uint256[](found); | ||
| uint256 currentIndex=0; | ||
| // now actually do the work | ||
| for(index=0;index<locks.length;index++){ | ||
| if(locks[index].expiry<block.timestamp && | ||
| ( | ||
| (jobId==0 || jobId==locks[index].jobId) && | ||
| (token==address(0) || token==locks[index].token) && | ||
| (payer==address(0) || payer==locks[index].payer) && | ||
| (payee==address(0) || payee==locks[index].payee) | ||
| ) | ||
| ){ | ||
| //cancel each lock, one by one | ||
| //update auths | ||
| for(uint256 i=0;i<userAuths[locks[index].payer][locks[index].token].length;i++){ | ||
| if(userAuths[payer][token][i].payee==locks[index].payee){ | ||
| userAuths[payer][token][i].currentLockedAmount-=locks[index].amount; | ||
| userAuths[payer][token][i].currentLocks-=1; | ||
| } | ||
| } | ||
| //update user funds | ||
| funds[locks[index].payer][locks[index].token].available+=locks[index].amount; | ||
| funds[locks[index].payer][locks[index].token].locked-=locks[index].amount; | ||
| emit Canceled(locks[index].payee,locks[index].jobId,locks[index].token, | ||
| locks[index].payer,locks[index].amount); | ||
| indexToDelete[currentIndex]=index; | ||
| currentIndex++; | ||
| } | ||
| } | ||
| //delete the locks | ||
| for(index=0;index<indexToDelete.length;index++){ | ||
| locks[indexToDelete[index]]=locks[locks.length-1]; | ||
| locks.pop(); | ||
| } | ||
| } |
Check notice
Code scanning / Slither
Block timestamp Low
contracts/escrow/Escrow.sol
Outdated
Comment on lines
334
to
386
| function cancelExpiredLocks(uint256 jobId,address token,address payer,address payee) public{ | ||
| uint256 index; | ||
| //since solidy does not supports dynamic arrays, we need to count first | ||
| uint256 found=0; | ||
| for(index=0;index<locks.length;index++){ | ||
| if(locks[index].expiry<block.timestamp && | ||
| ( | ||
| (jobId==0 || jobId==locks[index].jobId) && | ||
| (token==address(0) || token==locks[index].token) && | ||
| (payer==address(0) || payer==locks[index].payer) && | ||
| (payee==address(0) || payee==locks[index].payee) | ||
| ) | ||
| ){ | ||
| found++; | ||
| } | ||
| } | ||
| // bail out if we don't have any expired matching locks | ||
| if(found==0) return; | ||
| uint256[] memory indexToDelete=new uint256[](found); | ||
| uint256 currentIndex=0; | ||
| // now actually do the work | ||
| for(index=0;index<locks.length;index++){ | ||
| if(locks[index].expiry<block.timestamp && | ||
| ( | ||
| (jobId==0 || jobId==locks[index].jobId) && | ||
| (token==address(0) || token==locks[index].token) && | ||
| (payer==address(0) || payer==locks[index].payer) && | ||
| (payee==address(0) || payee==locks[index].payee) | ||
| ) | ||
| ){ | ||
| //cancel each lock, one by one | ||
| //update auths | ||
| for(uint256 i=0;i<userAuths[locks[index].payer][locks[index].token].length;i++){ | ||
| if(userAuths[payer][token][i].payee==locks[index].payee){ | ||
| userAuths[payer][token][i].currentLockedAmount-=locks[index].amount; | ||
| userAuths[payer][token][i].currentLocks-=1; | ||
| } | ||
| } | ||
| //update user funds | ||
| funds[locks[index].payer][locks[index].token].available+=locks[index].amount; | ||
| funds[locks[index].payer][locks[index].token].locked-=locks[index].amount; | ||
| emit Canceled(locks[index].payee,locks[index].jobId,locks[index].token, | ||
| locks[index].payer,locks[index].amount); | ||
| indexToDelete[currentIndex]=index; | ||
| currentIndex++; | ||
| } | ||
| } | ||
| //delete the locks | ||
| for(index=0;index<indexToDelete.length;index++){ | ||
| locks[indexToDelete[index]]=locks[locks.length-1]; | ||
| locks.pop(); | ||
| } | ||
| } |
Check warning
Code scanning / Slither
Costly operations inside a loop Warning
escrow contract
🚨 Report Summary
For more details view the full report in OpenZeppelin Code Inspector |
Comment on lines
+172
to
+199
| function getLocks(address token,address payer,address payee) public view returns (lock[] memory){ | ||
| // since solidty does not supports dynamic memory arrays, we need to calculate the return size first | ||
| uint256 size=0; | ||
| uint256 length=locks.length; | ||
| for(uint256 i=0;i<length;i++){ | ||
| if( | ||
| (address(token)==address(0) || address(token)==locks[i].token) || | ||
| (address(payee)==address(0) || address(payee)==locks[i].payee) || | ||
| (address(payer)==address(0) || address(payer)==locks[i].payer) | ||
| ){ | ||
| size++; | ||
| } | ||
| } | ||
|
|
||
| lock[] memory tempPendings=new lock[](size); | ||
| size=0; | ||
| for(uint256 i=0;i<length;i++){ | ||
| if( | ||
| (address(token)==address(0) || address(token)==locks[i].token) || | ||
| (address(payee)==address(0) || address(payee)==locks[i].payee) || | ||
| (address(payer)==address(0) || address(payer)==locks[i].payer) | ||
| ){ | ||
| tempPendings[size]=locks[i]; | ||
| size++; | ||
| } | ||
| } | ||
| return(tempPendings); | ||
| } |
Check notice
Code scanning / Slither
Block timestamp Low
Comment on lines
+242
to
+278
| function createLock(uint256 jobId,address token,address payer,uint256 amount,uint256 expiry) external{ | ||
| require(payer!=address(0),'Invalid payer'); | ||
| require(token!=address(0),'Invalid token'); | ||
| require(amount>0,"Invalid amount"); | ||
| require(jobId>0,"Invalid jobId"); | ||
| auth memory tempAuth=auth(address(0),0,0,0,0,0); | ||
| uint256 index; | ||
| require(funds[payer][token].available>=amount,"Payer does not have enough funds"); | ||
| uint256 length=userAuths[payer][token].length; | ||
| for(index=0;index<length;index++){ | ||
| if(msg.sender==userAuths[payer][token][index].payee) { | ||
| tempAuth=userAuths[payer][token][index]; | ||
| break; | ||
| } | ||
| } | ||
| require(tempAuth.payee==msg.sender,"No auth found"); | ||
| require(expiry<=tempAuth.maxLockSeconds,"Expiry too high"); | ||
| require(amount<= tempAuth.maxLockedAmount,"Amount too high"); | ||
| require(tempAuth.currentLockedAmount+amount<=tempAuth.maxLockedAmount,"Exceeds maxLockedAmount"); | ||
| require(tempAuth.currentLocks<tempAuth.maxLockCounts,"Exceeds maxLockCounts"); | ||
| // check jobId | ||
| length=locks.length; | ||
| for(uint256 i=0;i<length;i++){ | ||
| if(locks[i].payer==payer && locks[i].payee==msg.sender && locks[i].jobId==jobId){ | ||
| revert("JobId already exists"); | ||
| } | ||
| } | ||
| // update auths | ||
| userAuths[payer][token][index].currentLockedAmount+=amount; | ||
| userAuths[payer][token][index].currentLocks+=1; | ||
| // update user funds | ||
| funds[payer][token].available-=amount; | ||
| funds[payer][token].locked+=amount; | ||
| // create the lock | ||
| locks.push(lock(jobId,payer,msg.sender,amount,block.timestamp+expiry,token)); | ||
| emit Lock(payer,msg.sender,jobId,amount,expiry,token); | ||
| } |
Check warning
Code scanning / Slither
Dangerous strict equalities Medium
Comment on lines
+350
to
+405
| function cancelExpiredLocks(uint256 jobId,address token,address payer,address payee) public{ | ||
| uint256 index; | ||
| //since solidy does not supports dynamic arrays, we need to count first | ||
| uint256 found=0; | ||
| uint256 length=locks.length; | ||
| for(index=0;index<length;index++){ | ||
| if(locks[index].expiry<block.timestamp && | ||
| ( | ||
| (jobId==0 || jobId==locks[index].jobId) && | ||
| (token==address(0) || token==locks[index].token) && | ||
| (payer==address(0) || payer==locks[index].payer) && | ||
| (payee==address(0) || payee==locks[index].payee) | ||
| ) | ||
| ){ | ||
| found++; | ||
| } | ||
| } | ||
| // bail out if we don't have any expired matching locks | ||
| if(found==0) return; | ||
| uint256[] memory indexToDelete=new uint256[](found); | ||
| uint256 currentIndex=0; | ||
| // now actually do the work | ||
| for(index=0;index<length;index++){ | ||
| if(locks[index].expiry<block.timestamp && | ||
| ( | ||
| (jobId==0 || jobId==locks[index].jobId) && | ||
| (token==address(0) || token==locks[index].token) && | ||
| (payer==address(0) || payer==locks[index].payer) && | ||
| (payee==address(0) || payee==locks[index].payee) | ||
| ) | ||
| ){ | ||
| //cancel each lock, one by one | ||
| //update auths | ||
| uint256 authsLength=userAuths[locks[index].payer][locks[index].token].length; | ||
| for(uint256 i=0;i<authsLength;i++){ | ||
| if(userAuths[payer][token][i].payee==locks[index].payee){ | ||
| userAuths[payer][token][i].currentLockedAmount-=locks[index].amount; | ||
| userAuths[payer][token][i].currentLocks-=1; | ||
| } | ||
| } | ||
| //update user funds | ||
| funds[locks[index].payer][locks[index].token].available+=locks[index].amount; | ||
| funds[locks[index].payer][locks[index].token].locked-=locks[index].amount; | ||
| emit Canceled(locks[index].payee,locks[index].jobId,locks[index].token, | ||
| locks[index].payer,locks[index].amount); | ||
| indexToDelete[currentIndex]=index; | ||
| currentIndex++; | ||
| } | ||
| } | ||
| //delete the locks | ||
| uint256 delLength=indexToDelete.length; | ||
| for(index=0;index<delLength;index++){ | ||
| locks[indexToDelete[index]]=locks[locks.length-1]; | ||
| locks.pop(); | ||
| } | ||
| } |
Check warning
Code scanning / Slither
Dangerous strict equalities Medium
Comment on lines
+350
to
+405
| function cancelExpiredLocks(uint256 jobId,address token,address payer,address payee) public{ | ||
| uint256 index; | ||
| //since solidy does not supports dynamic arrays, we need to count first | ||
| uint256 found=0; | ||
| uint256 length=locks.length; | ||
| for(index=0;index<length;index++){ | ||
| if(locks[index].expiry<block.timestamp && | ||
| ( | ||
| (jobId==0 || jobId==locks[index].jobId) && | ||
| (token==address(0) || token==locks[index].token) && | ||
| (payer==address(0) || payer==locks[index].payer) && | ||
| (payee==address(0) || payee==locks[index].payee) | ||
| ) | ||
| ){ | ||
| found++; | ||
| } | ||
| } | ||
| // bail out if we don't have any expired matching locks | ||
| if(found==0) return; | ||
| uint256[] memory indexToDelete=new uint256[](found); | ||
| uint256 currentIndex=0; | ||
| // now actually do the work | ||
| for(index=0;index<length;index++){ | ||
| if(locks[index].expiry<block.timestamp && | ||
| ( | ||
| (jobId==0 || jobId==locks[index].jobId) && | ||
| (token==address(0) || token==locks[index].token) && | ||
| (payer==address(0) || payer==locks[index].payer) && | ||
| (payee==address(0) || payee==locks[index].payee) | ||
| ) | ||
| ){ | ||
| //cancel each lock, one by one | ||
| //update auths | ||
| uint256 authsLength=userAuths[locks[index].payer][locks[index].token].length; | ||
| for(uint256 i=0;i<authsLength;i++){ | ||
| if(userAuths[payer][token][i].payee==locks[index].payee){ | ||
| userAuths[payer][token][i].currentLockedAmount-=locks[index].amount; | ||
| userAuths[payer][token][i].currentLocks-=1; | ||
| } | ||
| } | ||
| //update user funds | ||
| funds[locks[index].payer][locks[index].token].available+=locks[index].amount; | ||
| funds[locks[index].payer][locks[index].token].locked-=locks[index].amount; | ||
| emit Canceled(locks[index].payee,locks[index].jobId,locks[index].token, | ||
| locks[index].payer,locks[index].amount); | ||
| indexToDelete[currentIndex]=index; | ||
| currentIndex++; | ||
| } | ||
| } | ||
| //delete the locks | ||
| uint256 delLength=indexToDelete.length; | ||
| for(index=0;index<delLength;index++){ | ||
| locks[indexToDelete[index]]=locks[locks.length-1]; | ||
| locks.pop(); | ||
| } | ||
| } |
Check warning
Code scanning / Slither
Dangerous strict equalities Medium
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #893