Summary

When a rebase ERC20 is used as a reward, it can change its balance to be lower than arbiterFee. ResolveDispute would revert because of this and tokens would be stuck in Escrow contract.

Vulnerability Details

There is a special type of ERC20 tokens - rebase/elastic tokens. Rebase tokens change their totalSupply. This means that when you get 10 rebase tokens, you can have more/less tokens in the future. Examples are AMPL, stETH, token from OlympusDAO.

There is an if statement in resolveDispute that checks if totalFee is greater than tokenBalance. Fee is calculated from buyerAward and arbiterFee. Even if buyerAward is zero, it can happen that the tokenBalance is going to be lower than arbiterFee if it rebalances and leaves fewer tokens in the contract.

This state leads to resolveDispute reverting with error Escrow__TotalFeeExceedsBalance and tokens getting stuck in Escrow contract until the balance gets higher (there is a possibility that the balance stays lower forever) or someone provides more tokens. Neither of those options is optimal.

Impact

Dispute can't be resolved and funds are stuck in the smart contract until someone provides more tokens.

Tools Used

Manual review

Recommendations

Use lower value of i_arbiterFee or tokenBalance for the arbiterFee. Another option is to scale down the arbiter fee based on price to tokenBalance ratio.