Currently, it is possible to deploy a new escrow contract with arbiter == seller or arbiter == buyer. However, this is not intended to be a valid state for an Escrow contract. The fundamental purpose of the arbiter is to act as an impartial third party, distinct from both the seller and the buyer of the service. Therefore, to ensure the integrity and proper functionality of the Escrow contract, it is essential to disallow such configurations and enforce the requirement that the arbiter must be an unbiased third party separate from the seller and buyer.
In the Escrow.sol constructor, there is currently no validation to ensure that the arbiter set is neither the seller nor the buyer. As a result, Escrow contracts can be deployed with the same address for the arbiter and seller or for the arbiter and the buyer, undermining the primary purpose of the escrow contract.
To preserve the integrity and functionality of the escrow mechanism, it is crucial to implement checks that enforce the condition that the arbiter must be an impartial third party, distinct from both the seller and the buyer.
The issue arises from the possibility of the arbiter being the same address as either the seller or the buyer in the Escrow contract. Consequently, the arbiter becomes irrelevant, undermining the dispute process, a significant feature of the Escrow contract.
Given the impact on the contract's essential functionality, I consider the severity of this issue to be medium.
VSCode
Add a check to the Escrow.sol constructor:
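One way such a constructor check can look, as an added example that is not the code from the original finding or from the audited Escrow.sol. The contract, error and function names (EscrowPartiesExample, ArbiterIsBuyer, ArbiterIsSeller, DeployProbe, deploys) are assumptions, and only the three parties are modelled:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration, not the audited Escrow.sol: only the three parties are
// modelled, and every contract, error and function name here is an assumption.
contract EscrowPartiesExample {
    error ArbiterIsBuyer();
    error ArbiterIsSeller();

    address public immutable buyer;
    address public immutable seller;
    address public immutable arbiter;

    constructor(address buyer_, address seller_, address arbiter_) {
        // Reject deployments where the dispute resolver is also a party to
        // the deal, so the arbiter is always a distinct third address.
        if (arbiter_ == buyer_) revert ArbiterIsBuyer();
        if (arbiter_ == seller_) revert ArbiterIsSeller();

        buyer = buyer_;
        seller = seller_;
        arbiter = arbiter_;
    }
}

// Helper for exercising the check: reports whether a deployment with the
// given parties succeeds instead of bubbling up the revert.
contract DeployProbe {
    function deploys(address buyer, address seller, address arbiter)
        external
        returns (bool)
    {
        try new EscrowPartiesExample(buyer, seller, arbiter) {
            return true; // three distinct roles: deployment goes through
        } catch {
            return false; // arbiter matched buyer or seller: constructor reverted
        }
    }
}
```

The check compares addresses only, so it blocks the misconfiguration described above but cannot show that the arbiter address is controlled by someone independent of the buyer and seller.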