Summary

The initiateDispute function in the Escrow contract is designed to be called by either the buyer or the seller when the contract is in the Created state. However, if the seller initiates a dispute before the buyer has confirmed receipt, it could potentially lead to unexpected behavior and disrupt the normal workflow of the contract.

Vulnerability Details

The initiateDispute function is designed to allow either the buyer or the seller to initiate a dispute when the contract is in the Created state. It is protected by the onlyBuyerOrSeller and inState(State.Created) modifiers. However, there is no explicit check in the function to prevent the seller from initiating a dispute before the buyer has confirmed receipt. If the seller initiates a dispute prematurely, it could disrupt the normal workflow of the contract and potentially lead to unexpected behavior.

Code Snippet

Impact

If the seller initiates a dispute before the buyer has confirmed receipt, it could disrupt the normal workflow of the contract and potentially lead to unexpected behavior. This could potentially result in a loss of trust in the platform and could complicate the resolution of disputes.

Tools Used

Manual code review

Recommendations

To mitigate this potential issue, it is recommended to add additional checks in the initiateDispute function to ensure that it cannot be called by the seller before the buyer has confirmed receipt. This could be implemented by adding a boolean state variable that tracks whether the buyer has confirmed receipt, and checking this variable at the beginning of the function, like so:

This would ensure that the initiateDispute function cannot be called by the seller before the buyer has confirmed receipt, thereby preventing the potential issues described above.