Albeit an edge case, the world of Web3 is extremely fast moving and security issues occur daily. If the arbiter of an Escrow loses access to their wallet (for whatever reason), the contract enters a denial-of-service state, and any funds within the escrow will be lost if the escrow is placed in a disputed state.
Because the arbiter address is set in the constructor and stored as an immutable variable, the arbiter can never be changed. Although this prevents any malicious occurrences once the escrow has been created on chain, it does introduce a potential DoS state, and ultimately a loss of funds, in the event that the arbiter cannot resolve a disputed state (for whatever reason).
Loss of funds, Denial of Service
VS Code
Foundry
Manual reading
It is recommended that an emergency withdraw/cancellation function be implemented. This cancellation should only work in a specific state and require both the buyer and seller, or potentially the original author of the contract (Codehawks), to perform an agreed cancellation and withdrawal to the original creator.
Although this will require additional functionality, it could reduce the loss of funds/DoS state in the event the arbiter is no longer able to sign and resolve a dispute.
An example of cancelling a freshly created escrow could be completed with:
To address the lock-up of funds due to an MIA arbiter, an additional address, such as a multi-sig Codehawks wallet, could be allowed to override certain access controls in order to cancel and kill an escrow regardless of state. This would need thorough testing; however, it could work in a similar fashion to onlyRole(CODEHAWK_ROLE) with OpenZeppelin access controls, for example.
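The two recommendations above (an agreed buyer/seller cancellation and a role-gated emergency override) can be sketched as follows. This is an added example, not code from the audited Escrow contract or from the original submission. The contract name, function names, the `State` enum, ETH funding by the deploying buyer, and the `emergencyAdmin` parameter are all assumptions made for illustration; only `AccessControl`, `onlyRole` and `_grantRole` are real OpenZeppelin APIs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

// Hypothetical sketch. Assumes the buyer deploys and funds the escrow in ETH.
contract CancellableEscrow is AccessControl {
    enum State { Created, Disputed, Closed }

    bytes32 public constant CODEHAWK_ROLE = keccak256("CODEHAWK_ROLE");
    address public immutable buyer;
    address public immutable seller;
    address public immutable arbiter; // still immutable, as in the finding
    State public state = State.Created;
    mapping(address => bool) public cancelApproved;

    constructor(address seller_, address arbiter_, address emergencyAdmin) payable {
        buyer = msg.sender;
        seller = seller_;
        arbiter = arbiter_;
        _grantRole(CODEHAWK_ROLE, emergencyAdmin); // assumed to be a multi-sig
    }

    function dispute() external { // simplified: either party may open a dispute
        require(msg.sender == buyer || msg.sender == seller, "not a party");
        require(state == State.Created, "wrong state");
        state = State.Disputed;
    }

    // Path 1: buyer and seller both approve cancelling a freshly created escrow.
    function approveCancel() external {
        require(msg.sender == buyer || msg.sender == seller, "not a party");
        require(state == State.Created, "wrong state");
        cancelApproved[msg.sender] = true;
        if (cancelApproved[buyer] && cancelApproved[seller]) _refund();
    }

    // Path 2: emergency role cancels in any open state, including Disputed,
    // which is the state that otherwise stays locked if the arbiter is gone.
    function emergencyCancel() external onlyRole(CODEHAWK_ROLE) {
        require(state != State.Closed, "already closed");
        _refund();
    }

    function _refund() private {
        state = State.Closed; // state change before the external call
        (bool ok, ) = buyer.call{value: address(this).balance}("");
        require(ok, "refund failed");
    }
}
```

The emergency path replaces the arbiter single point of failure with a trust assumption on the role holder, so Foundry tests should cover each state transition and confirm that neither path can run twice.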