In the resolveDispute function of Escrow.sol, I noticed that there isn't a cap on the buyerAward parameter, which can potentially lead to an unfair scenario where the buyer and arbiter could collaborate to secure the majority of the locked funds. This situation could adversely impact the seller, resulting in significant losses for the seller upon completion of the work.
For example, consider a case where the total locked price is 10 DAI tokens, and the arbiter fee is 2 DAI tokens. By setting the buyerAward to a value less than 8 DAI tokens (e.g., 7 DAI tokens), the buyer and arbiter can together receive the majority of the locked funds, leaving only 1 DAI token for the seller.
Manual Review
To address this vulnerability and ensure a fair resolution process, I strongly recommend implementing a cap on the buyerAward, such as limiting it to a maximum percentage of the total locked price. For instance, setting a cap of 20% on the buyerAward would prevent any malicious intent by the buyer and arbiter to disproportionately benefit from the locked funds.
By introducing this cap, you can safeguard the seller's interests and maintain the contract's integrity throughout the dispute resolution process. The cap will serve as a crucial mitigation measure against potential collusion and unjust outcomes, fostering trust and transparency in the platform.
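A sketch of the recommended cap, added here as an illustration and not taken from the audited Escrow.sol. Only resolveDispute and buyerAward come from the finding; the contract name, state variables, errors and the basis-point constant are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration; not the audited Escrow.sol. All names except
// resolveDispute and buyerAward are hypothetical.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract CappedEscrowSketch {
    uint256 public constant MAX_BUYER_AWARD_BPS = 2_000; // 20% cap from the recommendation
    uint256 private constant BPS_DENOMINATOR = 10_000;

    IERC20 public immutable token;
    address public immutable buyer;
    address public immutable seller;
    address public immutable arbiter;
    uint256 public immutable arbiterFee;
    bool public resolved;

    error OnlyArbiter();
    error AlreadyResolved();
    error BuyerAwardExceedsCap(uint256 buyerAward, uint256 maxAward);
    error TransferFailed();

    constructor(IERC20 _token, address _buyer, address _seller, address _arbiter, uint256 _arbiterFee) {
        token = _token; buyer = _buyer; seller = _seller; arbiter = _arbiter; arbiterFee = _arbiterFee;
    }

    function resolveDispute(uint256 buyerAward) external {
        if (msg.sender != arbiter) revert OnlyArbiter();
        if (resolved) revert AlreadyResolved();

        uint256 locked = token.balanceOf(address(this));
        uint256 maxAward = (locked * MAX_BUYER_AWARD_BPS) / BPS_DENOMINATOR;
        // With 10 DAI locked, maxAward is 2 DAI, so buyerAward = 7 DAI reverts here.
        if (buyerAward > maxAward) revert BuyerAwardExceedsCap(buyerAward, maxAward);

        resolved = true; // state change before any external call
        uint256 sellerShare = locked - buyerAward - arbiterFee; // checked math reverts on underflow
        _pay(buyer, buyerAward);
        _pay(arbiter, arbiterFee);
        _pay(seller, sellerShare);
    }

    function _pay(address to, uint256 amount) private {
        if (amount > 0 && !token.transfer(to, amount)) revert TransferFailed();
    }
}
```

With the figures from the example above (10 DAI locked, 2 DAI arbiter fee), the cap limits buyerAward to 2 DAI, so the seller receives at least 6 DAI.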