40,000 USDC
Submission Details
Severity: gas

Buyer choosing the Arbiter holds risks for the Seller

Summary

Buyer being able to choose any address they want as the arbiter holds risks for the seller.

Vulnerability Details

The buyer can set any address they want as the arbiter, with any arbiterFee they choose, so they can even use their own addresses or contracts as the arbiter. The arbiter is the only address that can call the resolveDispute function, and leaving that choice entirely in the hands of the buyer is not a good system for the seller. A buyer acting maliciously or without justification can resolve disputes however they want, even after the seller has done the work asked of them.

A potential problem can go as follows:

  1. The buyer and seller agree on a price. The buyer creates a new escrow contract, choosing the arbiter parameter themselves (it can be another address that they own) and setting arbiterFee to 0.

  2. The seller does the work asked of them and expects payment.

  3. The buyer or the seller calls the initiateDispute() function.

  4. The arbiter calls the resolveDispute() function with the buyerAward parameter set to price - arbiterFee.

  5. The dispute resolves with the buyer taking their funds back and the seller getting nothing in return.

Impact

A malicious buyer who has the power to choose the arbiter address themselves can refuse to give any money to the seller after the seller has done their part of the work. The seller will never be able to get the dispute resolved in a way that favours them.

Tools Used

Manual review.

Recommendations

Maintain an off-chain pool of verified and trusted arbiter addresses that the buyer has to choose from, enforced with an if check in the newEscrow function or in the constructor in Escrow.sol.
Another idea would be to always use the CodeHawks team as the arbiter.
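
One way to implement the first recommendation, as an added example that is not code from the audited project or from this submission. It assumes the vetted arbiter pool is mirrored on chain by an owner address, and it also rejects an arbiter that is one of the two parties; the contract names, `setArbiter`, `requireValidArbiter` and the `newEscrow` signature shown are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration; every name in this file is hypothetical.
contract ArbiterAllowlist {
    address public immutable owner; // party that curates the vetted arbiter pool
    mapping(address => bool) public isApprovedArbiter;

    event ArbiterStatusChanged(address indexed arbiter, bool approved);

    error NotOwner();
    error ArbiterNotApproved(address arbiter);
    error ArbiterIsParty(address arbiter);

    constructor() {
        owner = msg.sender;
    }

    /// Owner mirrors the off-chain vetted pool on chain (assumed process).
    function setArbiter(address arbiter, bool approved) external {
        if (msg.sender != owner) revert NotOwner();
        isApprovedArbiter[arbiter] = approved;
        emit ArbiterStatusChanged(arbiter, approved);
    }

    /// Reverts rather than returning false, so a caller cannot ignore the result.
    function requireValidArbiter(address buyer, address seller, address arbiter) public view {
        if (!isApprovedArbiter[arbiter]) revert ArbiterNotApproved(arbiter);
        if (arbiter == buyer || arbiter == seller) revert ArbiterIsParty(arbiter);
    }
}

/// Shows only the arbiter validation step of escrow creation.
contract CheckedEscrowEntry {
    ArbiterAllowlist public immutable allowlist;

    event ArbiterAccepted(address indexed buyer, address indexed seller, address indexed arbiter);

    constructor(ArbiterAllowlist _allowlist) {
        allowlist = _allowlist;
    }

    /// msg.sender is treated as the buyer; an unapproved arbiter reverts the call.
    function newEscrow(address seller, address arbiter) external {
        allowlist.requireValidArbiter(msg.sender, seller, arbiter);
        emit ArbiterAccepted(msg.sender, seller, arbiter);
    }
}
```

With this check in place, step 1 of the scenario above reverts unless the buyer's chosen address is in the approved set, which moves the trust from the buyer to whoever controls `owner`.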
