40,000 USDC
Submission Details
Severity: low
Valid

Buyer or seller can call newEscrow() in EscrowFactory to appoint themselves as the arbiter

Vulnerability details

In a typical escrow process, three parties are involved: a buyer, a seller, and an unbiased third party known as the arbiter or escrow agent. The arbiter's role is crucial to maintaining fairness. However, the EscrowFactory smart contract allows either the buyer or the seller to appoint themselves as the arbiter when calling the newEscrow() function. This undermines the impartiality of the escrow process.

Impact

Either the buyer or the seller can appoint themselves as the arbiter, which undermines the impartiality of the escrow process.

Mitigation Steps

@Escrow.sol::constructor()

if (buyer == arbiter || seller == arbiter) revert Escrow_InvalidArbiter();
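The check above placed in a constructor, together with a small harness that confirms both self-appointment cases are rejected. This is an added example, not code from the audited repository: MiniEscrow and ArbiterCheckHarness are hypothetical stand-ins, the addresses are constructed sample values, and the compiler version is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18; // assumed compiler version

// Hypothetical, stripped-down stand-in for the audited Escrow contract.
// Only the three roles and the arbiter check are modelled.
contract MiniEscrow {
    error Escrow_InvalidArbiter();
    address public immutable buyer;
    address public immutable seller;
    address public immutable arbiter;

    constructor(address _buyer, address _seller, address _arbiter) {
        // Role separation: the arbiter must be neither party to the trade.
        if (_buyer == _arbiter || _seller == _arbiter) revert Escrow_InvalidArbiter();
        buyer = _buyer;
        seller = _seller;
        arbiter = _arbiter;
    }
}

// Hypothetical harness: every external function returns true when the
// constructor behaves as the mitigation intends.
contract ArbiterCheckHarness {
    // Constructed sample addresses.
    address constant BUYER = address(0xB0B);
    address constant SELLER = address(0x5E11);
    address constant ARBITER = address(0xA4B);

    // True only if deployment reverts with Escrow_InvalidArbiter.
    function _rejected(address b, address s, address a) internal returns (bool) {
        try new MiniEscrow(b, s, a) returns (MiniEscrow) {
            return false;
        } catch (bytes memory reason) {
            return bytes4(reason) == MiniEscrow.Escrow_InvalidArbiter.selector;
        }
    }
    function buyerAsArbiterRejected() external returns (bool) {
        return _rejected(BUYER, SELLER, BUYER);
    }
    function sellerAsArbiterRejected() external returns (bool) {
        return _rejected(BUYER, SELLER, SELLER);
    }
    function distinctArbiterAccepted() external returns (bool) {
        try new MiniEscrow(BUYER, SELLER, ARBITER) returns (MiniEscrow e) {
            return e.arbiter() == ARBITER;
        } catch {
            return false;
        }
    }
}
```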
