40,000 USDC
Submission Details
Severity: medium
Valid

Seller can repeatedly DoS resolveDispute.

Summary

With tokens such as USDC, where an address can be blacklisted, a seller can cause resolveDispute to fail. They do this by frontrunning the transaction with a transfer of 1 wei to the contract; when the function then attempts to transfer any excess to them at the end, the transfer fails, DoSing the function.

Vulnerability Details

POC:

  1. A buyer and seller agree on an audit of x USDC tokens

  2. For whatever reason, the seller decides not to do the audit, or does such a bad job that the arbiter decides they do not deserve to be paid and the entire amount will be refunded to the buyer (minus the arbiter fee).

  3. Seller gets their address blacklisted

  4. To complete the refund of the entire amount to the buyer the arbiter would need to call resolveDispute with buyerAmount = i_price - arbiterFee.

  5. Seller front runs this call with a transfer to the contract of 1 wei.

  6. After the transfers to the buyer and arbiter, the balanceOf call on Line 125 will return 1 and trigger the transfer to the seller. As they are blacklisted, this call will always fail, preventing the transaction from succeeding.

  7. If the arbiter tries to call the function again, the seller just needs to frontrun with a transfer of 1 wei more than whatever the arbiter puts as the buyerAmount (+ arbiterFee) to cause it to revert again.

Impact

Seller can prevent resolveDispute from succeeding and prevent buyer/arbiter from receiving their funds.

Tools Used

Manual Review

Recommendations

Rather than sending the tokens directly to the seller in the resolveDispute function, create a new mapping that stores the amount of tokens owed to them and a function that allows them to withdraw the tokens themselves.
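
A sketch of the recommended pull-payment change, added here as an illustration and not taken from the audited contract. Only resolveDispute, buyerAmount and arbiterFee come from the finding; the contract name, storage layout, s_owed mapping and withdraw function are assumptions, and the token is assumed to return a bool from transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example, not the audited contract. All names except resolveDispute,
// buyerAmount and arbiterFee are assumptions; assumes transfer() returns bool.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract PullPaymentEscrow {
    IERC20 private immutable i_token;
    address private immutable i_buyer;
    address private immutable i_seller;
    address private immutable i_arbiter;
    uint256 private immutable i_arbiterFee;
    bool private s_resolved;
    mapping(address => uint256) public s_owed; // credited, not yet withdrawn

    constructor(IERC20 token, address buyer, address seller, address arbiter, uint256 arbiterFee) {
        i_token = token;
        i_buyer = buyer;
        i_seller = seller;
        i_arbiter = arbiter;
        i_arbiterFee = arbiterFee;
    }

    function resolveDispute(uint256 buyerAmount) external {
        require(msg.sender == i_arbiter, "only arbiter");
        require(!s_resolved, "already resolved");
        uint256 balance = i_token.balanceOf(address(this));
        require(buyerAmount + i_arbiterFee <= balance, "exceeds balance");
        s_resolved = true;
        // Any excess, including dust sent in just before this call, is only
        // recorded here, so a blacklisted seller cannot make the call revert.
        s_owed[i_seller] += balance - buyerAmount - i_arbiterFee;
        require(i_token.transfer(i_buyer, buyerAmount), "buyer transfer failed");
        require(i_token.transfer(i_arbiter, i_arbiterFee), "arbiter transfer failed");
    }

    // The seller pulls their share; a failure here affects only the seller.
    function withdraw() external {
        uint256 amount = s_owed[msg.sender];
        require(amount > 0, "nothing owed");
        s_owed[msg.sender] = 0; // clear before the external call
        require(i_token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

With this layout, a failing transfer to the seller can only revert the seller's own withdraw call, never the dispute resolution that pays the buyer and arbiter.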
