The Arbiter should, by definition, be a third party for resolving disputes. However it is possible, that it is equal to the seller or buyer.
In the Escrows Constructor there is no check if the arbiter equals the buyer
or seller
address. If the arbiter is set to the same address as either the buyer or the seller, there is a centralization risk on this one party, as they can get all the funds out of the escrow to themselves by initiating a dispute and resolving it to themselves.
One party can get all the funds, bypassing the actual escrow functionality.
Add a check in the constructor to verify the arbiter is not the buyer or seller address.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.