context: EscrowFactory.sol
The escrow contract protocol allows buyers to create a contract with specific parameters, including buyer, seller, and
arbitrator addresses. Both the buyer and the seller can initiate disputes, but only the arbitrator can resolve them.
However, the current implementation, in which the buyer chooses the arbitrator, is perceived as centralized and breaks
trust with sellers.
The code itself does not contain any vulnerabilities, but the buyer's ability to choose the arbitrator raises concerns
about centralization and fairness. A practical example illustrates the issue:
Alice, the buyer, seeks an auditor (seller) to audit her protocol. She creates an escrow contract with buyer, seller, and
arbitrator addresses. Alice sets Bob's address as the seller because he is going to audit her protocol, and she uses the
address of another account she controls as the arbitrator.
After Bob successfully audits Alice's project, she deliberately initiates a dispute, indicating that she doesn't want to
pay Bob the full amount. As the arbitrator, Alice's other account calls the resolve dispute function, paying Bob only
50% of the agreed amount and transferring the rest back to Alice's own account.
This scenario results in Bob, the seller (auditor), losing 50% of the payment, despite successfully completing the audit
for Alice's protocol. Such trust issues discourage sellers from participating in this protocol. Consequently, a lack of
sellers (auditors) may deter potential buyers from using the protocol to audit their protocols.
Manual
To decentralize the arbitrator selection process and restore trust in the protocol, the following changes are
recommended:
Create an array to store potential arbitrator addresses.
The buyer must provide an index within the array's length when creating the contract; that index selects the
arbitrator.
Ensure that the same index is used by the buyer in both the computedAddress() and newEscrow() functions.
By implementing these changes, the protocol will establish a fairer dispute resolution system and promote trust among
all parties involved. Removing the power of arbitrator selection from the buyer and introducing a decentralized approach
will lead to a more equitable ecosystem, encouraging more sellers to participate in the protocol. Ultimately, this will
attract more buyers and facilitate a healthier environment for auditing projects.
Only the contract owner should have the authority to update or remove addresses from the arbitrator array.
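A sketch of the recommended arbitrator array, as an added example that is not part of the audited code base: the contract name ArbitratorRegistry, its functions, errors and events are all hypothetical, and the factory is assumed to resolve the buyer-supplied index through arbitratorAt() in both of the functions named above. Entries are deactivated rather than deleted so that an index cannot be repointed to a different arbitrator between address computation and escrow creation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added example: hypothetical owner-curated arbitrator list (not the audited code).
contract ArbitratorRegistry {
    error NotOwner();
    error ZeroAddress();
    error InvalidIndex(uint256 index);
    error ArbitratorInactive(uint256 index);

    event ArbitratorAdded(uint256 indexed index, address indexed arbitrator);
    event ArbitratorDeactivated(uint256 indexed index, address indexed arbitrator);

    address public immutable owner;
    address[] private arbitrators; // append-only, so an index never changes meaning
    mapping(uint256 => bool) public isActive;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    function addArbitrator(address arbitrator) external onlyOwner returns (uint256 index) {
        if (arbitrator == address(0)) revert ZeroAddress();
        index = arbitrators.length;
        arbitrators.push(arbitrator);
        isActive[index] = true;
        emit ArbitratorAdded(index, arbitrator);
    }

    /// Deactivate instead of deleting: swap-and-pop would silently repoint indices.
    function deactivateArbitrator(uint256 index) external onlyOwner {
        if (index >= arbitrators.length) revert InvalidIndex(index);
        isActive[index] = false;
        emit ArbitratorDeactivated(index, arbitrators[index]);
    }

    /// Called with the buyer-supplied index; reverts rather than falling back
    /// to a default, so a stale or out-of-range index can never pick an arbitrator.
    function arbitratorAt(uint256 index) external view returns (address) {
        if (index >= arbitrators.length) revert InvalidIndex(index);
        if (!isActive[index]) revert ArbitratorInactive(index);
        return arbitrators[index];
    }
}
```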