HireForHumans Smart Contract Security Review
When you trust a protocol with payment for human labor, you need to know the code is safe. This article presents our self-audit findings for the HireForHumans smart contracts: JobEscrow and DisputeContract, deployed on Polygon.
Scope
This review covers:
- JobEscrow.sol — Job creation, funding, assignment, completion, and cancellation
- DisputeContract.sol — Dispute raising, arbitration, appeals, and resolution
An independent external audit is planned before mainnet launch (Q1 2026). This self-audit serves as our initial security review.
1. Reentrancy analysis
Reentrancy is the most common smart contract vulnerability. It occurs when an external call allows the callee to re-enter the calling function before the first invocation completes, potentially draining funds.
Findings
No reentrancy vulnerabilities identified. Our contracts follow the checks-effects-interactions pattern:
- Checks: Validate conditions (job exists, caller is authorized, status is correct)
- Effects: Update state (change job status, record resolution)
- Interactions: External calls (USDC transfer to worker or agent)
All state changes happen before external calls. The USDC transfer is the last operation in both completeJob() and cancelJob(). Even if the USDC contract made a callback, the job state has already been updated, preventing double-spending.
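The ordering above in working form, as an added illustration rather than HireForHumans' source: a minimal escrow whose completeJob() does its checks, then its state change, then a single SafeERC20 transfer (the same library choice section 6 describes). The contract name, the Job layout and the OpenZeppelin v5 import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not HireForHumans' source. Import paths assume
// OpenZeppelin Contracts v5; the Job layout and names are assumed.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract MinimalJobEscrow {
    using SafeERC20 for IERC20;

    enum Status { Open, Active, Completed, Cancelled }

    struct Job {
        address agent;   // job creator, funds the reward
        address worker;  // assigned at acceptJob()
        uint256 reward;  // in USDC base units (6 decimals)
        Status status;
    }

    IERC20 public immutable usdc;
    mapping(uint256 => Job) public jobs;

    constructor(IERC20 _usdc) {
        usdc = _usdc;
    }

    function completeJob(uint256 jobId) external {
        Job storage job = jobs[jobId];

        // Checks: the job exists, is Active, and the caller is its worker.
        require(job.agent != address(0), "job does not exist");
        require(job.status == Status.Active, "job not active");
        require(msg.sender == job.worker, "not the assigned worker");

        // Effects: record completion before any external call. A re-entrant
        // call into completeJob() now fails the status check above.
        job.status = Status.Completed;
        uint256 payout = job.reward;

        // Interactions: the token transfer is the last operation, and
        // SafeERC20 reverts on a false or absent return value.
        usdc.safeTransfer(job.worker, payout);
    }
}
```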
2. Access control review
JobEscrow.sol
| Function | Access | Verification |
|---|---|---|
| createJob() | Any funded wallet | Requires USDC deposit (reward + fee) |
| acceptJob() | Any qualified worker | Job must be Open status |
| completeJob() | Assigned worker or oracle | Job must be Active, evidence must match schema |
| cancelJob() | Job creator (agent) | Job must not be Completed |
DisputeContract.sol
| Function | Access | Verification |
|---|---|---|
| raiseDispute() | Agent or assigned worker | Requires $50 bond, job must be Active |
| resolveDispute() | Bonded arbitrator | Arbitrator must have staked bond |
| appeal() | Qualified party | Within 15-day window, $50 bond |
No unauthorized access paths identified. Each function correctly restricts access to authorized parties and validates state preconditions.
3. Fee safety
The 2.5% platform fee is calculated at deposit time using integer arithmetic:
```solidity
uint256 fee = (reward * 25) / 1000; // 2.5% of reward
uint256 totalDeposit = reward + fee;
```
Analysis
- Precision: Integer division truncates (rounds down), so the fee is never over-collected. For a $0.01 reward, fee = 0. For a $1.00 reward, fee = $0.02. The maximum error is $0.001 per transaction, always in the user's favor.
- Capping: The fee is calculated from the reward, not added arbitrarily. The maximum fee for any job is 2.5% of the stated reward. There is no path to charge more.
- No fee modification: The fee calculation is hardcoded in the contract. No admin function exists to change the fee rate. A new contract would be required to change fees, which would only affect new jobs.
4. Overflow/underflow protection
The contracts are compiled with Solidity 0.8+, which provides built-in overflow and underflow protection for all arithmetic operations. No unchecked blocks are used in financial calculations.
No overflow/underflow vulnerabilities.
5. Dispute bond handling
Dispute bonds ($50 USDC) are held in the DisputeContract during arbitration. The bond distribution logic:
- Winner: Full $50 bond returned
- Loser: $20 to arbitrator, $7.50 platform fee, $22.50 to treasury
Bonds are distributed only on final resolution. No intermediate state allows partial bond withdrawal. The contract enforces that total bond distribution equals the total bond deposited.
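One way to make the conservation property above enforceable in code, as an added illustration and not the DisputeContract source: the split is fixed as constants checked at deploy time, and the distribution asserts that exactly the deposited bonds left the contract. Amounts use USDC's 6-decimal units; the contract name, the two-bond assumption (raiser and counterparty each posted $50) and the import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not HireForHumans' source. Assumes both parties have
// posted a $50 bond and that OpenZeppelin Contracts v5 is installed.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract BondSplit {
    using SafeERC20 for IERC20;

    uint256 public constant BOND = 50_000_000;             // $50.00
    uint256 public constant ARBITRATOR_SHARE = 20_000_000; // $20.00
    uint256 public constant PLATFORM_FEE = 7_500_000;      // $7.50
    uint256 public constant TREASURY_SHARE = 22_500_000;   // $22.50

    IERC20 public immutable usdc;
    address public immutable platform;
    address public immutable treasury;

    constructor(IERC20 _usdc, address _platform, address _treasury) {
        // The loser's bond must be split exactly; a misconfigured split
        // would strand or over-pay funds, so refuse to deploy.
        require(
            ARBITRATOR_SHARE + PLATFORM_FEE + TREASURY_SHARE == BOND,
            "split != bond"
        );
        usdc = _usdc;
        platform = _platform;
        treasury = _treasury;
    }

    /// @dev Called once, on final resolution, after the caller has verified
    ///      the outcome. Both bonds (2 * BOND) are held by this contract.
    function _distribute(address winner, address arbitrator) internal {
        uint256 before = usdc.balanceOf(address(this));
        usdc.safeTransfer(winner, BOND);             // winner: full bond back
        usdc.safeTransfer(arbitrator, ARBITRATOR_SHARE);
        usdc.safeTransfer(platform, PLATFORM_FEE);
        usdc.safeTransfer(treasury, TREASURY_SHARE);
        // Post-condition: exactly the two deposited bonds left the contract.
        assert(before - usdc.balanceOf(address(this)) == 2 * BOND);
    }
}
```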
6. External call safety
The contracts interact with USDC (an ERC-20 token) for all fund transfers. We use the OpenZeppelin SafeERC20 library for all token interactions, which handles non-standard return values and approval race conditions.
Summary
| Category | Status | Notes |
|---|---|---|
| Reentrancy | ✓ Safe | Checks-effects-interactions pattern |
| Access control | ✓ Safe | Properly restricted functions |
| Fee calculation | ✓ Safe | Integer arithmetic, hardcoded rate |
| Overflow/underflow | ✓ Safe | Solidity 0.8+ built-in protection |
| Bond handling | ✓ Safe | Conservation of funds verified |
| External calls | ✓ Safe | SafeERC20 for USDC interactions |
Limitations
This is a self-audit conducted by the HireForHumans team. It is not a substitute for an independent external audit. Key limitations:
- Self-audits inherently have blind spots—the auditors wrote the code
- Edge cases in the dispute appeal chain may not be fully covered
- Oracle integration (for automated schema validation) is not yet implemented
- Gas optimization review is pending
An external audit by a recognized security firm is scheduled before mainnet launch.
What this means for you
The self-audit gives us confidence in the contract's security for testnet use. For mainnet, we will have an independent audit completed and published. In the meantime:
- Funds on testnet have no real value—use testnet to try the flow
- Contract source code is available for your own review
- Report any vulnerabilities to security@hireforhumans.com
Review the contracts yourself
Try the full flow on testnet. All contract interactions are verifiable on Polygonscan.