zero address check for i_arbiter at the wrong place
Summary
The zero address check for i_arbiter is in the initiateDispute function instead of constructor.
Vulnerability Details
The zero address check for i_arbiter is in the initiateDispute function. Therefore, if zero address is initialized for i_arbiter in the constructor then there is no way for the buyer or the seller to initiate a dispute using the initiateDispute function.
Instance:
https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L103
function initiateDispute() external onlyBuyerOrSeller inState(State.Created) {
if (i_arbiter == address(0)) revert Escrow__DisputeRequiresArbiter();
s_state = State.Disputed;
emit Disputed(msg.sender);
}
Impact
There is no way for the buyer or the seller to initiate a dispute resulting in the price getting locked if the buyer does not call the confirmReceipt function.
Tools Used
Manual review and VS Code
Recommendations
Zero address check should be present in the constructor instead of the initiateDispute function.
Add the below check in the constructor:
if (i_arbiter == address(0)) revert Escrow__DisputeRequiresArbiter();
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.