40,000 USDC
View results
Submission Details
Severity: medium
Valid

Funds locked trough improper setup

Summary

Funds could end up in a locked state if there is no arbiter added and the seller will not deliver the audit because of an event that happened after the audit started( or lost access to the address, die, etc.... just complete away )

Vulnerability Details

POC:

  1. Buyer creates the escrow contract

  2. Mid-audit seller is completely away and not responding to any messages and the audit was not deliver, if there is no arbiter set, the seller will not be able to call the initiateDispute function to try to recover his funds back and they will stay lock inside the contract

Impact

Funds will be locked inside the contract.

Tools Used

Manual Review

Recommendations

Add the check from L#103 inside the constructor and remove it from the function initiateDispute obligating all deployers to have an arbiter assigned.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.