Summary

Unresponsive arbiter can cause funds to become permanently stuck.

Vulnerability Details

The arbiter is expected to be an independent third-party. Should a dispute arise, either the buyer or seller can initiate the arbiting process by calling initiateDispute. This essentially hands over control over the assets to the arbiter. The dispute process cannot be rolled back.

Impact

Should the arbiter be unresponsive, for example due to the arbitration fee being too low, loss of access to the private key, personal circumstances, etc., the dispute process cannot be rolled back, and the funds would be permanently stuck in the Escrow contract.

Tools Used

None

Recommendations

First, the dispute process should automatically time-out after a given period. This period can be long, e.g. a month, to allow for a potentially long arbiting process:

That would then allow the two parties to pay out the funds and split them afterwards.

However, since splitting the funds would require trust, a second step that can be implemented on top of the previous one is to allow resolving a dispute without the arbiter, given both parties agree to the outcome. How exactly this is implemented depends on the preferences of the developer. An option is to work with signatures where both parties sign their agreement to a given outcome, which the contract verifies, and then pays out the funds accordingly.