Wrong accounting occurs, as a result the seller will get less amount of pay than both parties agreed on when the escrow was created.
Before the creation of the escrow contract, both parties the buyer (protocol) and the seller (auditor) agree on certain price that will be paid to the auditor for performing the private audit.
Currently the escrow contract checks whether the needed amount of tokens were transferred to it.
However an interesting scenario is not take into account, which will slightly reduce the price paid to the auditor for his security services. Which breaks the initial agreement between the two parties on the price paid for the private audit.
Before the escrow is created, both parties agree on the arbiter details. The arbiter is trusted role given to a person, which confers with both parties off-chain when dispute needs to be resolved.
Issue scenario:
Buyer and seller agrees for an private audit and create an escrow contract. The buyer provides the needed amount of tokens to pay the agreed price for the audit.
Seller is done with the private audit and sends his security report to the buyer.
Buyer is not happy with the security report and doesn't want to pay the agreed price to the seller, so he calls initiateDispute.
The arbiter consults with both parties, and approves that the seller deserves the price as the private audit was performed and security report was provided to the buyer.
The arbiter makes his decisions and resolves the dispute, by not refunding any tokens to the buyer.
The problem here is that by resolving the dispute, a significant share of the price can be paid as fee to the arbiter. As a result the agreed price for the private audit won't be paid to the seller.
Not receiving the agreed price for performing the private audit, can reduce the initiative of auditors to provide their security services on the platform.
Potential loss of funds for the seller, and reduce initiative of auditors to provide their security services on the platform.
Manual review.
On escrow creation, the buyer should provide an amount of tokens which should cover both the price paid to the auditor and arbiter fee.
This way the agreed price for the private audit will be paid to the auditor, incase when resolve dispute is made in favor of the seller.
In a case when the receipt was confirmed, the additional amount of tokens provided for the arbiter fee should be returned back to the buyer. On escrow creation the buyer provided both tokens for the price and the arbiter fee, so everything should work fine.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.