40,000 USDC
Submission Details
Severity: high

Arbiter should be picked randomly.

Summary

Instead of being set by the buyer, the arbiter should be randomly selected from a list of decentralized arbiters, each with their own percentage fee per price provided via oracles or other hybrid providers.

Vulnerability Details

  1. The arbiter has too much power and can't be trusted. He/she can be biased towards the buyer or the seller, which may cause serious issues. The arbiter can also be corrupted by the buyer or seller into settling the dispute in favor of either party, as most of the dispute-settling process is done off-chain. Hence, the arbiter role should be given to someone who is completely decentralized and picked randomly, such that he/she won't favor anyone and will settle the dispute only for his/her arbiter fees.

  2. The buyer can set himself as arbiter, create a dispute, and resolve the dispute himself to get the entire token price amount, which would cause severe loss to the seller.

Impact

It may lead to severe partiality in settling disputes and loss of funds for either the buyer or the seller.

Tools Used

Manual Analysis

Recommendations

Pick the arbiter randomly, such that the buyer, seller and arbiter have no prior knowledge of one another. This will greatly improve impartiality in resolving disputes and transferring funds.
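One way to implement this recommendation, as an added sketch that is not code from the audited project. The contract name `ArbiterPool`, its functions and the idea of a pre-vetted arbiter registry are all hypothetical, and the random word is assumed to arrive from a verifiable randomness oracle after the dispute has been opened.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration; every name here is hypothetical, not from the audited code.
contract ArbiterPool {
    // Registry of vetted arbiters. How entries are admitted or removed
    // (governance, staking, reputation) is out of scope for this sketch.
    address[] private s_arbiters;

    error ArbiterPool__NoEligibleArbiter();

    constructor(address[] memory arbiters) {
        s_arbiters = arbiters;
    }

    /// Picks the arbiter for a dispute from the registry.
    /// `randomWord` is assumed to come from a verifiable randomness source and
    /// to be requested only after the dispute exists. Values such as
    /// block.timestamp or blockhash are not suitable because the party
    /// opening the dispute can predict or influence them.
    function selectArbiter(uint256 randomWord, address buyer, address seller)
        public
        view
        returns (address)
    {
        uint256 n = s_arbiters.length;
        if (n == 0) revert ArbiterPool__NoEligibleArbiter();

        // Start at a random index and take the first registry entry that is
        // not a party to the escrow. This removes the buyer-as-arbiter case
        // even if the buyer also happens to be a registered arbiter.
        // Note: skipping excluded entries slightly favours the entry that
        // follows them; acceptable here, rejection sampling avoids it.
        uint256 start = randomWord % n;
        for (uint256 i = 0; i < n; i++) {
            address candidate = s_arbiters[(start + i) % n];
            if (candidate != buyer && candidate != seller) {
                return candidate;
            }
        }
        revert ArbiterPool__NoEligibleArbiter();
    }

    function arbiterCount() external view returns (uint256) {
        return s_arbiters.length;
    }
}
```

Random selection only removes the buyer's ability to choose; a small or colluding registry still leaves the bias risk described in item 1.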
