If The buyer executes a reorg attack the seller would be cheated out on the funds
Summary
A reorg attack can happen if the buyer has enough validators or if the buyer gets lucky when the chain is reorg rule
Vulnerability Details
The buyer executes to give the funds and meanwhile, the seller at the same block gives the audit report
Then the buyer reorgs the chain causing the funds to never have been sent
Gaining the audit report and still having the funds
Impact
If the escrow has an arbitor then the risk is mitigated but the auditor won't get the tokens until the dispute is settled
which can take n amount of time for which the token price can drop causing the auditor not to get paid the rate that was agreed upon.
If the escrow has no arbitor then the seller will lose their funds and that is a huge problem for protocols with no arbitor
The reorg attack happens on polygon and mainnet and other chains increasing the severity
Tools Used
Recommendations
If the escrow has no arbitor then there is really no way of mitigating this issue
If there is a arbiter then maybe base the price on USD value or eth value something that is not as vulnerable as token price
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.