Submission Details
Severity: low

If auditors team up in something like a 51% attack, they can DoS the audit marketplace

Summary

If there is no arbiter and the protocol sends the funds, auditors can team up and refuse to audit the protocol, causing a DoS and loss of funds.

Vulnerability Details

The issue is that if auditors come together and decline an audit for some reason, for example because they are bad or because the price is not high enough, it causes a DoS and the protocol cannot get its funds back.
Example:
StarKing protocol creates a new escrow, expecting that it will get an audit/auditor.
The auditors then don't audit StarKing, either because it didn't send enough funds or because the auditors are 51% attacking it, and this causes a DoS.

Impact

Beyond the missing Arbiter, this is an issue because the Arbiter exists for disputes, so it does not cover the case where the auditor simply never audits the protocol and the funds end up stuck. A scenario where funds are stuck shouldn't even be possible. That's the reason it's a low severity.

Tools Used

Recommendations

Add a time limit: if the audit report is not given to the buyer by then, the buyer can get the funds back. This does add some risk of its own, for example if the protocol won't pay until the auditor does something that was not in the agreement when the escrow contract was made.
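One way the time limit could look, as an added sketch that is not the audited project's code. It assumes a Solidity escrow funded with an ERC20 token that returns `bool` from `transfer`; the contract name, state names, function names and the `_auditPeriod` parameter are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal ERC20 surface used by this sketch.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical example: assumes the escrow is funded right after deployment.
contract TimeLimitedEscrow {
    enum State { Created, Confirmed, Refunded }

    IERC20 public immutable token;
    address public immutable buyer;    // protocol paying for the audit
    address public immutable seller;   // auditor
    uint256 public immutable deadline; // after this, the buyer may reclaim
    State public state;                // defaults to Created

    error OnlyBuyer();
    error WrongState();
    error DeadlineNotReached();
    error TransferFailed();

    constructor(IERC20 _token, address _buyer, address _seller, uint256 _auditPeriod) {
        token = _token;
        buyer = _buyer;
        seller = _seller;
        deadline = block.timestamp + _auditPeriod;
    }

    modifier onlyBuyer() { if (msg.sender != buyer) revert OnlyBuyer(); _; }

    // Normal path: the buyer received the report and releases payment.
    function confirmReceipt() external onlyBuyer {
        if (state != State.Created) revert WrongState();
        state = State.Confirmed; // state change before the external call
        _payout(seller);
    }

    // Timeout path: no report arrived, so the funds are no longer stuck.
    // Trade-off named in the recommendation: a buyer who did get the report
    // can also wait for the deadline, so a dispute path is still needed.
    function refundAfterDeadline() external onlyBuyer {
        if (state != State.Created) revert WrongState();
        if (block.timestamp < deadline) revert DeadlineNotReached();
        state = State.Refunded;
        _payout(buyer);
    }

    function _payout(address to) private {
        if (!token.transfer(to, token.balanceOf(address(this)))) revert TransferFailed();
    }
}
```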
