Missing explicit agreement existence check in voidExpiredDeal
The voidExpiredDeal function in DealManager assumes that a deal exists for the supplied agreementId but does not explicitly verify this. The existence check occurs only implicitly within the voidContractFor function.
function voidExpiredDeal(bytes32 agreementId, address signer, bytes memory signature) public nonReentrant {
// Check: status
Escrow storage deal = LexScrowStorage.getEscrow(agreementId);
if (block.timestamp <= deal.expiry) revert DealNotExpired();
// Effect: update status
ICyberAgreementRegistry(LexScrowStorage.getDealRegistry()).voidContractFor(
agreementId, signer, signature);
for(uint256 i = 0; i < deal.corpAssets.length; i++) {
if(deal.corpAssets[i].tokenType == TokenType.ERC721) {
DealManagerStorage.getIssuanceManager().voidCertificate(
deal.corpAssets[i].tokenAddress,
deal.corpAssets[i].tokenId
);
}
}
if(deal.status == EscrowStatus.PAID)
// Interaction: payment
voidAndRefund(agreementId);
else if(deal.status == EscrowStatus.PENDING)
// Effect: update status
voidEscrow(agreementId);
}If a future upgrade modifies voidContractFor to skip processing rather than reverts for a nonexistent agreementId, an attacker could call voidExpiredDeal with an agreementId that has not yet been created and mark the deal as void in the contract.
Therefore, we recommend adding an explicit existence check for the agreementId parameter in voidExpiredDeal.