Submission Details
Severity: low

Only `Escrow` created from `EscrowFactory` should be usable

Summary

The protocol currently has no logic or mechanism by which an end user can tell whether an `Escrow` contract was deployed "manually" or via the `EscrowFactory`.

Only `Escrow` contracts created by the source Factory should be treated as valid, whitelisted and safe for the buyer, seller and arbiter to use.

Vulnerability Details

Neither `EscrowFactory` nor `Escrow` records or exposes which `Escrow` instances were deployed through `newEscrow`. From the point of view of a buyer, seller, arbiter or an integrating dApp, an `Escrow` deployed manually is therefore indistinguishable from one created by the Factory, and there is nothing on-chain to whitelist against.

Only `Escrow` contracts created by the source Factory should be considered valid, whitelisted and safe to use.

Impact

There is no "direct" loss of funds, but because users cannot verify an `Escrow`'s provenance, the security of the overall system can be improved.

Tools Used

Manual

Recommendations

  1. The `EscrowFactory` should keep an internal mapping, `mapping(address escrow => bool whitelisted) private escrows;`, of the escrow contracts created via `newEscrow`.

  2. The `EscrowFactory` should expose an external view function that allows dApps, contracts and monitoring tools to query whether an escrow contract is valid, i.e. was created by the Factory.

These are only the first steps. Further enhancements are possible, but they depend heavily on how the client wants to design the protocol's behaviour for a better UX/DX.
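The two recommendations above, as an added illustration rather than the protocol's own code: the `Escrow` constructor parameters (`buyer`, `seller`, `arbiter`), the `newEscrow` signature and the `isEscrow` / `EscrowCreated` names are assumptions, not taken from the audited code base.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18; // named mapping parameters require 0.8.18 or later

// Minimal stand-in for the protocol's Escrow. The constructor arguments
// are assumed for illustration; the real contract differs.
contract Escrow {
    address public immutable buyer;
    address public immutable seller;
    address public immutable arbiter;

    constructor(address _buyer, address _seller, address _arbiter) {
        buyer = _buyer;
        seller = _seller;
        arbiter = _arbiter;
    }
}

contract EscrowFactory {
    // Recommendation 1: remember every Escrow this factory deployed.
    mapping(address escrow => bool whitelisted) private escrows;

    // Emitted so off-chain monitoring can index factory-created escrows.
    event EscrowCreated(address indexed escrow, address indexed buyer, address indexed seller, address arbiter);

    // Assumed signature; the audited newEscrow may take other parameters.
    function newEscrow(address buyer, address seller, address arbiter) external returns (Escrow escrow) {
        escrow = new Escrow(buyer, seller, arbiter);
        escrows[address(escrow)] = true;
        emit EscrowCreated(address(escrow), buyer, seller, arbiter);
    }

    // Recommendation 2: let dApps, other contracts and monitoring tools
    // verify provenance before trusting an address as an Escrow.
    function isEscrow(address escrow) external view returns (bool) {
        return escrows[escrow];
    }
}

// Example consumer (hypothetical): refuses to act on an Escrow that the
// Factory does not recognise, rather than trusting the caller's claim.
contract EscrowConsumer {
    EscrowFactory public immutable factory;

    constructor(EscrowFactory _factory) {
        factory = _factory;
    }

    function requireFactoryEscrow(address escrow) public view returns (bool) {
        require(factory.isEscrow(escrow), "not a factory-created Escrow");
        return true;
    }
}
```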
