Incompatibility with rebasing tokens
Summary
The fee which the arbiter receives in case of dispute can be more or less due to the token rebase. So the seller's part also can be different from the expected value. It also can cause DOS if i_arbiterFee > i_tokenContract.balanceOf(address(this)).
Vulnerability Details
The i_arbiterFee immutable is the amount of tokens, which the arbiter will receive for resolving disputes.
Let's assume that the i_price is 100 tokens and i_arbiterFee is 30 tokens. After the token rebase the i_tokenContract.balanceOf(address(this)) became 50 tokens. It is not a problem for the confirmReceipt function, but if it happened during a dispute and the arbiter called the resolveDispute function the seller could receive no more than 20 tokens. Instead of 70%-100% of the contract value the seller received only 40%. It also can cause DOS if i_arbiterFee > i_tokenContract.balanceOf(address(this)).
In case of the token rebase in another direction, the arbiter fee value will be less than expected.
Impact
Some participants of the contract can receive less value than they expect.
Tools Used
Manual review
Recommendations
In case the contract should support rebasing tokens the i_arbiterFee immutable should be a percent value from the i_price.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.