Open codehawks-bot opened 1 year ago
Escalation. I think severity is medium since there have user funds at risk -> imapck high , likelyhood is low so i think need to be medium.
Addictional on issues with fee on transfer tokens and rebase tokens which is considered as medium, you can just simple send few more tokens to escorw contract and fix the issue but on this issue you can't do anything expect to release payment to seller (which you don't wanna do it if you planing to make dispute).
So as i say my opinion is that is medium serverity
At the moment, the arbitor is a trusted role, so this isn't valid. However, it's a nice feature request.
Add methods to add/update arbiter in existing Escrow contracts
Severity
Medium Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol
Summary
Add methods to add arbiter in existing Escrow contracts
Vulnerability Details
If the Escrow contract gets created without the arbiter, and if an arbiter is needed to settle a dispute, then there is no way to add one.
Impact
The only way to get funds our of the contract is:
confirmReceipt()
method to send funds to the sellerFor Case 2, the funds cannot be taken out of the contract in case of disputes, and so the funds get locked in there.
Severity Justification
Marking this as medium as both the following medium criteria satisfy:
Source: https://docs.codehawks.com/rewards-and-judging
Tools Used
Manual analysis
Recommendations
Create a method that can update the arbiter if needed. This method can be written such that both the buyer and seller agree to add the arbiter based on their votes.