Summary

The contract creation allows the arbiter to be a zero address.
If the terms are not met by both parties and one of them tries to recover their funds, they can not because
the transaction to initiate dispute will revert cause arbiter is equal to address(0).

Vulnerability Details

When the contract is created, the arbiter fee and arbiter address are set.
There are no sanity checks to see if the address is 0.
Plus the sponsor has confirmed that the arbiter address can be zero means no arbiter.

Now if the following scenarios happen?

• Buyer and seller mutually agree to not use any intermediary

• The seller get's some health problems, loses their private keys, or vanished from the earth

• The same above case for the buyer

• Seller does not complete the work and demands the money

• Buyer does not pay want to pay the wages to the seller

or any scenario you might think of falls here.

During these scenarios, there ain't any way

If they don't want to use an arbiter, the platform will keep the funds for its life.

Although, sponsors confirm that the arbiter address can be zero the implementation to allow zero arbiter address contracts is missing or wrongly implemented.

Impact

-> Nonfunctioning of the arbiter-free escrow contract
-> User funds can get stuck if they deploy the contract thinking that there might be a way to sustain the contract without an arbiter

Tools Used

Foundry, Manual Review

Recommendations

The platform should change its implementation of initiating disputes to allow arbiter-free disputes and add some logic to resolve disputes when there is no human arbiter to rescue.