Submission Details
Severity: low

Lack of Arbiter Address Validation

Summary

The Escrow contract's constructor does not validate the arbiter address. As a result, an invalid arbiter address can be stored in the contract, leading to unexpected behavior and potential security risks.

Vulnerability Details

The constructor of the Escrow contract does not check that the arbiter parameter is a valid address and not equal to address(0). If a malicious or invalid address is provided as the arbiter, it may cause the following issue:

Invalid Arbiter Address: An invalid arbiter address may lack the appropriate permissions to execute critical functions within the contract, such as resolving disputes. This could result in disputes not being properly resolved or the contract not functioning as intended.

Impact

This vulnerability may have a negative impact on the Escrow contract and its users. If an invalid arbiter address is used, disputes may not be properly resolved, and the functionality of the contract may be affected. This could result in funds being trapped within the contract, impacting users' transaction experiences, and potentially causing financial losses.

Tools Used

vscode

Recommendations

To address this vulnerability, it is recommended to add the following check in the constructor of the Escrow contract:

Ensure that the value of the arbiter parameter is not equal to address(0), thereby ensuring that a valid arbiter address is provided.
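The recommended check, shown in a minimal sketch that is an added example and not the audited Escrow code. The contract name, error names, function names and the assumption that the arbiter is immutable and is the only caller allowed to resolve a dispute are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration: all names here are hypothetical and not taken
// from the audited Escrow code base.
contract EscrowSketch {
    error ArbiterZeroAddress();
    error OnlyArbiter();
    error NotDisputed();

    address public immutable buyer;
    address public immutable seller;
    address public immutable arbiter; // assumed fixed at deployment
    bool public disputed;

    constructor(address seller_, address arbiter_) payable {
        // The recommended check: reject address(0) at deployment,
        // because an immutable arbiter cannot be corrected afterwards.
        if (arbiter_ == address(0)) revert ArbiterZeroAddress();
        buyer = msg.sender;
        seller = seller_;
        arbiter = arbiter_;
    }

    function raiseDispute() external {
        require(msg.sender == buyer || msg.sender == seller, "not a party");
        disputed = true;
    }

    // Without the constructor check, arbiter == address(0) would leave
    // this function uncallable (no account can send a transaction as
    // address(0)), so a disputed escrow would keep its balance forever.
    function resolveDispute(bool refundBuyer) external {
        if (msg.sender != arbiter) revert OnlyArbiter();
        if (!disputed) revert NotDisputed();
        disputed = false;
        address payable to = payable(refundBuyer ? buyer : seller);
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}
```

The check only rules out address(0); it cannot tell whether a non-zero address belongs to an arbiter who is able and willing to act.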
