The Escrow contract can be initialized with the same buyer, seller and arbiter.
Vulnerability Details
The Escrow contract can be initialized with the same buyer, seller and arbiter.
This can lead to the buyer be the arbiter, or the seller be the aribter, and just any combination.
Impact
If the contract gets created with such values as a genuine mistake, then the whole contract will need to be recreated, and there might be fund losses too.
There is a chance that they might not even notice it, until its payment time, and the payment goes to the wrong account.
Tools Used
Manual Code Review
Recommendations
Add a check that buyer, seller and arbiter are not the same in the constructor.
The Escrow contract can be initialized with the same buyer, seller and arbiter.
Severity
Medium Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L32
Summary
The Escrow contract can be initialized with the same buyer, seller and arbiter.
Vulnerability Details
The Escrow contract can be initialized with the same buyer, seller and arbiter. This can lead to the buyer be the arbiter, or the seller be the aribter, and just any combination.
Impact
If the contract gets created with such values as a genuine mistake, then the whole contract will need to be recreated, and there might be fund losses too. There is a chance that they might not even notice it, until its payment time, and the payment goes to the wrong account.
Tools Used
Manual Code Review
Recommendations
Add a check that
buyer
,seller
andarbiter
are not the same in the constructor.