Lack of Arbiter Address Validation
Summary
The smart contract Escrow contains a potential vulnerability where the constructor does not check the value of the arbiter address. This could result in an invalid arbiter address being used in the contract, leading to unexpected behavior and potential security risks.
Vulnerability Details
In the constructor of the Escrow contract, there is no check for the arbiter parameter to ensure that its address is valid and not equal to address(0). If a malicious or invalid address is provided as the arbiter, it may cause the following issue:
Invalid Arbiter Address: An invalid arbiter address may lack the appropriate permissions to execute critical functions within the contract, such as resolving disputes. This could result in disputes not being properly resolved or the contract not functioning as intended.
Impact
This vulnerability may have a negative impact on the Escrow contract and its users. If an invalid arbiter address is used, disputes may not be properly resolved, and the functionality of the contract may be affected. This could result in funds being trapped within the contract, impacting users' transaction experiences, and potentially causing financial losses.
Tools Used
vscode
Recommendations
To address this vulnerability, it is recommended to add the following check in the constructor of the Escrow contract:
Ensure that the value of the arbiter parameter is not equal to address(0), thereby ensuring that a valid arbiter address is provided
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.