Funds could end up in a locked state if there is no arbiter added and the seller will not deliver the audit because of an event that happened after the audit started( or lost access to the address, die, etc.... just complete away )
Vulnerability Details
POC:
Buyer creates the escrow contract
Mid-audit seller is completely away and not responding to any messages and the audit was not deliver, if there is no arbiter set, the seller will not be able to call the initiateDispute function to try to recover his funds back and they will stay lock inside the contract
Impact
Funds will be locked inside the contract.
Tools Used
Manual Review
Recommendations
Add the check from L#103 inside the constructor and remove it from the function initiateDispute obligating all deployers to have an arbiter assigned.
Funds locked trough improper setup
Severity
Medium Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-escrow/blob/65a60eb0773803fa0be4ba72defaec7d8567bccc/src/Escrow.sol#L32-L51
https://github.com/Cyfrin/2023-07-escrow/blob/65a60eb0773803fa0be4ba72defaec7d8567bccc/src/Escrow.sol#L102
Summary
Funds could end up in a locked state if there is no arbiter added and the seller will not deliver the audit because of an event that happened after the audit started( or lost access to the address, die, etc.... just complete away )
Vulnerability Details
POC:
Impact
Funds will be locked inside the contract.
Tools Used
Manual Review
Recommendations
Add the check from L#103 inside the constructor and remove it from the function initiateDispute obligating all deployers to have an arbiter assigned.