Summary

The current configuration of the Escrow contract presents an issue in the arbitration process. It permits the buyer to set the arbiter's fee to a nominal amount, even as low as 1 wei. This design significantly reduces the risk (in economic costs) for the buyer during dispute initiation, essentially making it free of charge. Furthermore, this might incentivize the buyer to resort to “dispute resolution” even in cases without dispute. Meanwhile, the arbiter could potentially bear a high cost for their services.

The riskless dispute process for the buyer could create an imbalance in the contract, where the buyer could manipulate the system to their advantage, undermining the intended fairness of the process.

Vulnerability Details

The premise of the Escrow contract setup is that the arbiter is a trusted party and available (otherwise, the funds would be stuck). With that premise set, consider this scenario:

• As the buyer, my incentive would be to have my contract/contracts audited at the lowest price point possible - which would still be considered reasonable and acceptable by the seller (the price agreed upon between the seller and buyer is that price point). And in the case of a dispute, the buyer would want to get back as much of the initial transaction as possible. Thus, setting the fee at the lowest possible price makes sense, e.g., 1 wei (needs to be i_arbiterFee > 0 according to resolveDispute()). Any fee set to the arbiter would be seen as a transaction cost - which the parties would need to bear (even the winning party would get a deduction of the initial agreed-upon price).

• As the seller, my incentive would be the opposite of the buyer's. In the case of a dispute, the seller would also want to maximize their profits. Any potential fee allocation to the arbiter cuts into the potential gain. So for the seller, the arbiterFee at 1 wei also makes sense.

• As the arbiter, if I have an incentive, it would be for the fee to be as high as possible. Even if it need not be profitable for the arbiter, rationally, it should cover the cost of arbitrating at least. But regardless of the price set, the arbiter must arbitrate between the disputing parties in a fair and trusted manner.

Thus, in both the buyer and seller cases, the arbiter fee would benefit the parties if set to the lowest price possible (1 wei).

Impact

The impact of the arbiterFee solely being decided by the buyer and, according to the above - set to 1 wei will be a potentially costly process for the arbiter. But there’s also a side-effect that incentivises initiating a dispute for the buyer.

Initiating a dispute for the buyer comes close to free, regardless of whether there’s a conceived dispute. To fully benefit from this structure, the buyer could always initiate a dispute in hopes of getting a “discount.” In the worst-case scenario, the arbiter judges in the seller's favor- the same result as if the buyer had called confirmReceipt. Any other ruling by the arbiter than the aforementioned benefits the seller, as they would not have to pay the entire previously agreed-upon price. Thus, the dispute process is without risk for the buyer.

The seller cannot benefit from the dispute process similarly since they would optimally always want the buyer to call confirmReceipt.

Tools Used

Manual review.

Recommendations

The buyer should not be able to single-handedly decide on the arbiterFee. An alternative could be that the arbiterFee is set dynamically as a percentage of the price. If the arbiterFee is set dynamically, it would heighten the threshold to start dispute processes by the buyer. This also ensures that the arbiter is reasonably compensated pro rata.