40,000 USDC
Submission Details
Severity: medium
Valid

Funds Locked in Contract as Escrow Contracts can be created without a Valid Arbiter

Summary

Escrow contracts do not validate that the arbiter is a valid address. If a user creates an escrow contract with address(0) as the arbiter and later wishes to dispute the escrow, the dispute call will perpetually revert, leading to funds being locked in the contract.

Vulnerability Details

The contract EscrowFactory.sol allows msg.sender to create an escrow contract without validating that the arbiter address is non-zero. (Bear in mind that the arbiter cannot be changed once the contract has been created.) Therefore, if there is a dispute and the user wants to call initiateDispute(), they will be unable to do so, because this line of code reverts the function: if (i_arbiter == address(0)) revert Escrow__DisputeRequiresArbiter();

To prove this concept:

  • Go to test/EscrowTestBase.t.sol and set address public constant ARBITER = address(0);

  • You should be able to create a new Escrow contract

  • Then call forge test --match-test "testInitiateDisputeChangesState" -vvvv

  • This test should fail as the arbiter address is 0

Impact

Sellers and Buyers will be unable to dispute escrow contracts created by the buyer since i_arbiter == address(0). Therefore, there will be no way of resolving the dispute as it cannot be initiated in the first place. This will lead to loss of funds as a result of token locking.

Tools Used

Manual Review

Recommendations

Add a validation check in EscrowFactory.sol that ensures the arbiter address is non-zero, like so:

if (address(arbiter) == address(0)) {
    revert EscrowFactory__ArbiterAddressNotValid();
}
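
The following is an added example, not code from the audited repository: a simplified model that puts the dispute guard and the recommended factory check side by side. The names MiniEscrow, MiniEscrowFactory, newEscrowUnchecked, newEscrow, Escrow__OnlyBuyerOrSeller and the State enum are assumptions made for illustration; token handling and every other escrow function are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Simplified model (assumption): only the arbiter handling described in the report is kept.
contract MiniEscrow {
    error Escrow__DisputeRequiresArbiter();
    error Escrow__OnlyBuyerOrSeller(); // hypothetical error name

    enum State { Created, Disputed }

    address private immutable i_buyer;
    address private immutable i_seller;
    address private immutable i_arbiter; // fixed at construction, no setter exists
    State public s_state;

    constructor(address buyer, address seller, address arbiter) {
        i_buyer = buyer;
        i_seller = seller;
        i_arbiter = arbiter;
    }

    function initiateDispute() external {
        if (msg.sender != i_buyer && msg.sender != i_seller) revert Escrow__OnlyBuyerOrSeller();
        // With i_arbiter == address(0) this revert is hit on every call.
        if (i_arbiter == address(0)) revert Escrow__DisputeRequiresArbiter();
        s_state = State.Disputed;
    }
}

contract MiniEscrowFactory {
    error EscrowFactory__ArbiterAddressNotValid();

    // Unchecked path: accepts address(0), producing an escrow whose
    // initiateDispute() can never succeed.
    function newEscrowUnchecked(address seller, address arbiter) external returns (MiniEscrow) {
        return new MiniEscrow(msg.sender, seller, arbiter);
    }

    // Checked path: rejects the zero arbiter before anything is deployed.
    function newEscrow(address seller, address arbiter) external returns (MiniEscrow) {
        if (arbiter == address(0)) revert EscrowFactory__ArbiterAddressNotValid();
        return new MiniEscrow(msg.sender, seller, arbiter);
    }
}
```

Because the arbiter is immutable, the factory is the only place where a zero address can be rejected; once deployment succeeds the value cannot be corrected.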
