Summary
create_escrow computes both timestamps with raw u64 addition:
time_lock_until: now + time_lock_duration, // ❌ no overflow guard
expires_at: now + expires_in, // ❌ no overflow guard
If either time_lock_duration or expires_in is set close to u64::MAX, the addition wraps to a small past timestamp. This could make:
time_lock_until appear already elapsed → time-lock bypassed immediately
expires_at appear in the past → refund_escrow callable immediately after creation
Location
contracts/escrow-vault/src/lib.rs, create_escrow, lines ~237-242
Fix
time_lock_until: now.checked_add(time_lock_duration).expect("time_lock_until overflow"),
expires_at: now.checked_add(expires_in).expect("expires_at overflow"),
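The wrap described above, reproduced as an added example that is not the escrow-vault crate's own code: the raw addition as it behaves in a release build beside the checked form from the fix, with the deadline checks that would be fooled. The names EscrowTimes, escrow_times_unchecked and escrow_times_checked are assumptions for this illustration.

```rust
// Added illustration, not code from contracts/escrow-vault. Names below are
// assumptions modelling the two deadlines create_escrow stores.

/// The two deadlines create_escrow records for an escrow.
#[derive(Debug, PartialEq, Eq)]
pub struct EscrowTimes {
    pub time_lock_until: u64,
    pub expires_at: u64,
}

/// Vulnerable form: `now + duration` as a release build evaluates it,
/// where u64 overflow silently wraps to a small value.
pub fn escrow_times_unchecked(now: u64, time_lock_duration: u64, expires_in: u64) -> EscrowTimes {
    EscrowTimes {
        time_lock_until: now.wrapping_add(time_lock_duration),
        expires_at: now.wrapping_add(expires_in),
    }
}

/// Hardened form: checked_add yields None on overflow, so the caller can
/// reject the escrow instead of storing a wrapped deadline.
pub fn escrow_times_checked(now: u64, time_lock_duration: u64, expires_in: u64) -> Option<EscrowTimes> {
    Some(EscrowTimes {
        time_lock_until: now.checked_add(time_lock_duration)?,
        expires_at: now.checked_add(expires_in)?,
    })
}

/// The comparison a time-locked release would make.
pub fn time_lock_elapsed(times: &EscrowTimes, now: u64) -> bool {
    now >= times.time_lock_until
}

/// The comparison refund_escrow would make.
pub fn is_expired(times: &EscrowTimes, now: u64) -> bool {
    now >= times.expires_at
}

fn main() {
    let now: u64 = 1_700_000_000; // constructed ledger timestamp
    let huge = u64::MAX - 10; // duration chosen close to u64::MAX
    let wrapped = escrow_times_unchecked(now, huge, huge);
    // Both deadlines wrap to now - 11, i.e. already in the past.
    println!("wrapped: {:?}", wrapped);
    println!("lock elapsed? {}", time_lock_elapsed(&wrapped, now)); // true
    println!("expired? {}", is_expired(&wrapped, now)); // true
    println!("checked: {:?}", escrow_times_checked(now, huge, huge)); // None
}
```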