40,000 USDC
View results
Submission Details
Severity: low
Valid

Quality Assurance

CounterParty risk is not eliminated.

https://github.com/Cyfrin/2023-07-escrow/blob/main/src/EscrowFactory.sol#L45
The creator of the escrow has control over the arbiter address of the escrow, they buyer could set the address of the arbiter to one they control.

Recommendation

Arbiter address used in creation of the escrows should be within a known whitelisted third party that can be relied upon both by the buyer and the seller.
This would help eliminate trust issues regarding the selection of an arbiter.

Missing check for arbiter is non-zero address

https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L37
if the arbiter address is set to address zero all funds within the contract are locked forever in case of a dispute.
When creating an escrow all parameters are checked not but the arbiter address is not check.
The arbiter address is a key component with the escrow.

Recommendation

check that arbiter address is not zero.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.