No validation of arbiter intent to participate
Summary
The arbiter is not a part of the "deal" and therefore might not resolve disputes.
The escrow should validate a signed message by the arbiter indicating that they are part of the "deal"
Vulnerability Details
The arbiter can be selected to resolve disputes. However, even if selected - there is no confirmation that the arbiter intends to do their job.
Consider a buyer that offers good terms to the seller. The seller agrees.
An escrow is deployed and a dispute is called by the buyer.
It is expected that the arbiter will solve the dispute - however, there are many reasons why an arbiter might not want to solve disputes. Here are some examples:
The arbiter might not even know of the escrow
The arbiter is pre occupied and cannot handle any more work
The fee is to low
The token used is unwanted by the arbiter
The arbiter should be part of the "deal" between the two parties by signing an intent
Impact
Disputes might not get solved, loss of funds
Tools Used
Brain
Recommendations
Add a signature of the arbiter. The signature should be a signed message indicating their intent to resolve disputes in this escrow. The signature can include the expected create2 address and a string such as "I confirm being the arbiter".
This signature should be validated on escrow creation
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.