Lack of Mandatory Arbiter leads to loss of funds
Summary
The buyer deposits money into escrow but cannot retrieve it when the seller fails to deliver the promised goods or services when an arbiter isn't set. This mirrors a known issue where a seller delivers the service but the buyer doesn't call confirmReceipt().
Vulnerability Details
Buyer deposits funds into an escrow account.
Seller fails to deliver the promised goods or services.
Buyer is unable to retrieve the deposited money.
Impact
There isn't a way for the buyer to retrieve his funds if an arbiter isn't set and the seller doesn't deliver the agreed-upon service.
Tools Used
manual
Recommendations
Require that an arbiter be set for every escrow.
An arbiter should be mandatory since not having one could potentially leave either party in a bad situation. One paid the money but the seller griefed him and didn’t send the report. This means the buyer loses his money permanently. The other is the seller completes the report and then gives it to the buyer but the buyer doesn’t release the funds. For these reasons, I believe an arbitrator should be required.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.