First, if the arbiter's address is set to zero, the buyer cannot retrieve their tokens when the seller does not fulfill their obligations. Second, the buyer can receive the job from the seller but never confirm receipt, so the seller does not receive payment. Both vulnerabilities significantly impact the functionality and security of the escrow service.
If the arbiter's address is set to zero, it effectively locks the buyer's tokens in the contract. In case the seller does not fulfill their promises or fails to deliver the agreed-upon service, the buyer will be unable to retrieve their tokens, leading to a complete loss of funds. Without an arbiter, the dispute resolution mechanism is compromised, severely undermining the escrow's purpose and trustworthiness.
The buyer can abuse the escrow by receiving the job from the seller but not calling the confirmReceipt function. This manipulation prevents the contract from recognizing the successful delivery of the service, resulting in the seller not receiving payment. This flaw enables the buyer to unfairly withhold payment, causing financial loss to the seller and violating the core principles of the escrow service.
Arbiter Address Validation
Ensure that the arbiter's address is not set to zero during contract deployment. Implement input validation to reject deployments with zero as the arbiter address to enforce the presence of a valid arbiter for dispute resolution.
Enforce Confirmation Mechanism
Implement a mechanism that requires the buyer to call the confirmReceipt function after receiving the job from the seller. This step will ensure that the buyer cannot withhold payment unfairly, and the seller will receive the appropriate compensation for their services.
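One way to combine the two recommendations above, as an added sketch that is not the audited contract's code: the constructor rejects a zero arbiter, and a confirmation deadline lets the seller claim payment if the buyer neither confirms nor disputes. Apart from confirmReceipt, every name here (EscrowSketch, initiateDispute, resolveDispute, claimAfterTimeout, confirmDeadline, the errors) and the timeout design itself are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical sketch: all names except confirmReceipt are assumptions.
contract EscrowSketch {
    error ZeroArbiter();
    error NotAllowed();
    IERC20 public immutable token;
    address public immutable buyer;
    address public immutable seller;
    address public immutable arbiter;
    uint256 public immutable confirmDeadline; // assumed end of the confirmation window
    bool public disputed;
    bool public settled;

    constructor(IERC20 _token, address _buyer, address _seller, address _arbiter, uint256 _window) {
        if (_arbiter == address(0)) revert ZeroArbiter(); // no arbiter means no dispute path
        token = _token;
        buyer = _buyer;
        seller = _seller;
        arbiter = _arbiter;
        confirmDeadline = block.timestamp + _window;
    }
    function confirmReceipt() external { // normal path: buyer releases payment
        if (msg.sender != buyer) revert NotAllowed();
        _payout(seller);
    }
    function initiateDispute() external { // buyer must object before the deadline
        if (msg.sender != buyer || block.timestamp >= confirmDeadline) revert NotAllowed();
        disputed = true;
    }
    function resolveDispute(bool payBuyer) external { // arbiter picks the recipient
        if (msg.sender != arbiter || !disputed) revert NotAllowed();
        _payout(payBuyer ? buyer : seller);
    }
    function claimAfterTimeout() external { // a silent buyer cannot block payment
        if (msg.sender != seller || disputed || block.timestamp < confirmDeadline) revert NotAllowed();
        _payout(seller);
    }
    function _payout(address to) private {
        if (settled) revert NotAllowed();
        settled = true; // state change before the external call
        require(token.transfer(to, token.balanceOf(address(this))), "transfer failed");
    }
}
```

A buyer who is unhappy with the delivery still has the whole window to call initiateDispute, which blocks claimAfterTimeout and hands the decision to the arbiter.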
Default Arbiter Selection
Consider implementing a default arbiter selection mechanism, where if no arbiter address is provided during contract deployment, the contract automatically assigns a predefined or randomly selected arbiter. This ensures that every transaction has an impartial arbiter for dispute resolution.