40,000 USDC
Submission Details
Severity: medium
Valid

[I] Without an arbiter, the escrow is meaningless

Summary

[Informational] Without an arbiter, the escrow is meaningless: the buyer can create an escrow with the arbiter set to the zero address, leaving nobody who can resolve a dispute. The buyer is then the only party that can move the funds, and only in one direction (to the seller), so a dishonest or absent counterparty on either side results in funds locked in the contract.

Vulnerability Details

The buyer has the ability to create an escrow without an arbiter. If there is no arbiter, the buyer is the only actor that can decide either to send all of the funds in the escrow to the seller or to leave them locked inside the contract; there is no path that refunds the buyer. I assume this was a design decision; however, I don't see why or how this can be useful.

Let's think through the possible scenarios:

  1. Buyer and seller don't trust each other, so they use an arbiter. This is the main scenario and it makes sense.

  2. Buyer and seller trust each other 100%, so they don't use an arbiter. Both are honest and the buyer releases the money on time. Then there is absolutely no reason to use the escrow: it is just an expensive on-chain way to store payment records, with unnecessary smart-contract risk on top.

  3. Buyer and seller trust each other 100%, so they don't use an arbiter. The buyer is not honest: they receive the audit but don't release the funds, and the funds are locked in the contract.

  4. Buyer and seller trust each other 100%, so they don't use an arbiter. The seller is not honest: they don't audit the protocol, and the buyer loses their funds because they are locked in the contract with no refund path.

As seen from the scenarios above, without a trusted third-party arbiter there is no reason for two parties to use an escrow at all. The arbiter is a crucial actor and should be present in every escrow agreement.

Escrow: a bond, deed, or other document kept in the custody of a third party and taking effect only when a specified condition has been fulfilled.

(Oxford dictionary)

Impact

Without an arbiter, a wrong trust assumption by either party results in funds locked in the contract: nobody but the buyer can release them, the buyer can only release them to the seller, and there is no actor that can refund the buyer.

Tools Used

Design Review

Recommendations

The constructor of Escrow.sol should require that arbiter is a non-zero address and revert otherwise, so that an escrow with nobody able to resolve a dispute can never be created.
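The following is an added example, not the audited Escrow.sol and not the project's own code. It is a stripped-down escrow with the same three actors the finding discusses (buyer, seller, arbiter) and shows both halves of the argument: the buyer-only release path that exists without an arbiter, and the zero-address check in the constructor that the recommendation asks for. The function names, the custom errors, the use of native ETH deposited at construction instead of a token, and the two-parameter constructor are all assumptions made for illustration; the real contract's other parameters are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (hypothetical contract, not the audited Escrow.sol).
/// Three actors as in the finding: buyer deploys and funds, seller is paid,
/// arbiter is the only party able to split funds when the two disagree.
contract EscrowExample {
    error Escrow__ArbiterMustBeSet();
    error Escrow__NotBuyer();
    error Escrow__NotArbiter();
    error Escrow__RefundExceedsBalance();
    error Escrow__TransferFailed();

    address public immutable buyer;
    address public immutable seller;
    address public immutable arbiter;

    /// Assumed constructor shape: the buyer deploys the escrow and deposits
    /// the payment as msg.value. The real contract takes more parameters.
    constructor(address _seller, address _arbiter) payable {
        // The fix the finding recommends: refuse to create an escrow in
        // which nobody can resolve a dispute. Without this line, an escrow
        // with arbiter == address(0) is deployable, resolveDispute() below
        // becomes uncallable, and the only way out is releaseToSeller(),
        // which the buyer alone controls. That is the locked-funds outcome
        // of scenarios 3 and 4.
        if (_arbiter == address(0)) revert Escrow__ArbiterMustBeSet();
        buyer = msg.sender;
        seller = _seller;
        arbiter = _arbiter;
    }

    /// Happy path (scenarios 1 and 2): the buyer is satisfied and pays the
    /// seller the full balance. This is the only release path the buyer has;
    /// there is deliberately no refund-to-buyer path here.
    function releaseToSeller() external {
        if (msg.sender != buyer) revert Escrow__NotBuyer();
        _pay(seller, address(this).balance);
    }

    /// Dispute path (scenarios 3 and 4): only the arbiter can move funds when
    /// the parties disagree, refunding buyerRefund to the buyer and sending
    /// the remainder to the seller.
    function resolveDispute(uint256 buyerRefund) external {
        if (msg.sender != arbiter) revert Escrow__NotArbiter();
        uint256 total = address(this).balance;
        if (buyerRefund > total) revert Escrow__RefundExceedsBalance();
        uint256 sellerShare = total - buyerRefund;
        // Pay the seller first; a reentering seller cannot call
        // releaseToSeller() (not the buyer) or resolveDispute() (not the
        // arbiter), and the buyer's transfer happens last.
        if (sellerShare > 0) _pay(seller, sellerShare);
        if (buyerRefund > 0) _pay(buyer, buyerRefund);
    }

    function _pay(address to, uint256 amount) private {
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert Escrow__TransferFailed();
    }
}
```

Deploying this with `_arbiter = address(0)` reverts with Escrow__ArbiterMustBeSet, which is the whole point of the check: rather than trying to make a no-arbiter escrow safe, it prevents that escrow from existing. If the project intends to support a no-arbiter mode, the alternative is to add an explicit refund path the buyer can use, but then the contract is no longer an escrow in the dictionary sense quoted above.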
