DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

Unchecked External Call in getEthVerificationFee()

Summary

The function makes an external call to chainlinkFeeManager.getFeeAndReward without checking if the call was successful.

Vulnerability Details

https://github.com/Cyfrin/2024-07-zaros/blob/main/src/external/chainlink/ChainlinkUtil.sol

function getEthVericationFee(
    IVerifierProxy chainlinkVerifier,
    bytes memory reportData
)
    internal
    returns (FeeAsset memory fee)
{
    IFeeManager chainlinkFeeManager = chainlinkVerifier.s_feeManager();
    address feeTokenAddress = chainlinkFeeManager.i_nativeAddress();
    (fee,,) = chainlinkFeeManager.getFeeAndReward(address(this), reportData, feeTokenAddress);
}

Impact

An unchecked external call can lead to unexpected behavior or errors if the external call fails.

Tools Used

Manual code review

Recommendations

Check the return value of the external call to ensure it was successful. Example:

// Return types after the first FeeAsset are assumed; the page does not show them.
(bool success, bytes memory data) = address(chainlinkFeeManager).call(
    abi.encodeWithSignature("getFeeAndReward(address,bytes,address)", address(this), reportData, feeTokenAddress)
);
require(success, "External call failed");
(fee,,) = abi.decode(data, (FeeAsset, FeeAsset, uint256));

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
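
The two call styles contrasted in the submission, side by side against a fee manager that always reverts. This is an added example, not code from the submission or from the Zaros repository; IFeeManagerLike, RevertingFeeManager, CallStyles, the FeeAsset fields and the return types after the first are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example. FeeAsset's fields and the (FeeAsset, FeeAsset, uint256)
// return shape are assumptions; the page shows only the first return value.
struct FeeAsset { address assetAddress; uint256 amount; }

interface IFeeManagerLike {
    function getFeeAndReward(address subscriber, bytes memory report, address quote)
        external returns (FeeAsset memory, FeeAsset memory, uint256);
}

// Hypothetical fee manager whose lookup always fails.
contract RevertingFeeManager is IFeeManagerLike {
    function getFeeAndReward(address, bytes memory, address)
        external pure returns (FeeAsset memory, FeeAsset memory, uint256)
    {
        revert("fee lookup failed");
    }
}

contract CallStyles {
    // High-level call, as in getEthVericationFee: the compiler-generated code
    // reverts this frame when the callee reverts, so no status flag is returned.
    function highLevel(IFeeManagerLike fm, bytes memory report) external returns (FeeAsset memory fee) {
        (fee,,) = fm.getFeeAndReward(address(this), report, address(0));
    }

    // Low-level call, as in the recommendation: failure comes back as
    // success == false and is ignored unless the caller checks it.
    // A .call to an address with no code returns success == true.
    function lowLevel(IFeeManagerLike fm, bytes memory report) external returns (FeeAsset memory fee) {
        (bool success, bytes memory data) = address(fm).call(
            abi.encodeCall(IFeeManagerLike.getFeeAndReward, (address(this), report, address(0)))
        );
        require(success, "External call failed");
        (fee,,) = abi.decode(data, (FeeAsset, FeeAsset, uint256));
    }

    // try/catch keeps the typed interface and lets the caller handle the failure.
    function tryCatch(IFeeManagerLike fm, bytes memory report) external returns (bool ok, FeeAsset memory fee) {
        try fm.getFeeAndReward(address(this), report, address(0)) returns (FeeAsset memory f, FeeAsset memory, uint256) {
            return (true, f);
        } catch {
            return (false, fee);
        }
    }
}
```

With RevertingFeeManager as the target, highLevel and lowLevel both revert the transaction, while tryCatch returns ok == false.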
