Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Valid

User could not specify deadline for oracle requests

Summary

A user cannot specify a deadline (as a block.timestamp) for an oracle request, after which they could reclaim the unspent part of the fee already paid. Such a deadline would be useful when there are not enough oracles or validators for the task to reach the completed status.

Vulnerability Details

There may be a situation where there are not enough oracles or validators to respond to or validate a user's request.

Or there were enough, but after the user's request some of them unstaked and ceased to be oracles or validators.

For the user, a request whose response or validation takes too long may no longer be relevant.

The problem is that the fee has already been taken from the user's buyer agent contract while, for example, the user's task has been validated by only 3 of 6 validators. The user cannot cancel the request to get back the unspent fee, which was supposed to be paid to the validators who have not yet validated the task.

Impact

The user has paid the fee, but the request has not completed for a long time and the user cannot take the unspent fee back.

Tools Used

Manual review

Recommendations

Add a function cancellTaskAndGetUnspentFeeBack(). Also add a deadline parameter (a block.timestamp value) to the request function.
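
One way the recommended deadline and refund could fit together, as an added sketch that is not the audited project's code. The contract name, storage layout, per-validation payout model and the IERC20 fee token are assumptions; only the function name cancellTaskAndGetUnspentFeeBack comes from the recommendation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical escrow: validator fees are prepaid, released per validation,
// and the unspent remainder becomes refundable once the deadline has passed.
contract DeadlineTaskEscrow {
    struct Task {
        address requester;
        uint64 deadline;       // block.timestamp after which the requester may cancel
        uint8 validationsLeft; // validations paid for but not yet performed
        uint256 validatorFee;  // fee owed per validation
        bool closed;
    }

    IERC20 public immutable feeToken;
    Task[] public tasks;

    constructor(IERC20 token) { feeToken = token; }

    function request(uint8 numValidations, uint256 validatorFee, uint64 deadline) external returns (uint256 id) {
        require(numValidations > 0, "no validations requested");
        require(deadline > block.timestamp, "deadline in the past");
        id = tasks.length;
        tasks.push(Task(msg.sender, deadline, numValidations, validatorFee, false));
        require(feeToken.transferFrom(msg.sender, address(this), uint256(numValidations) * validatorFee), "fee pull failed");
    }

    // Assumption: validator registration and duplicate-vote checks would go here.
    function validate(uint256 id) external {
        Task storage t = tasks[id];
        require(!t.closed && block.timestamp <= t.deadline, "closed or expired");
        t.validationsLeft -= 1;
        if (t.validationsLeft == 0) t.closed = true; // fully validated: nothing left to refund
        require(feeToken.transfer(msg.sender, t.validatorFee), "payout failed");
    }

    function cancellTaskAndGetUnspentFeeBack(uint256 id) external returns (uint256 refund) {
        Task storage t = tasks[id];
        require(msg.sender == t.requester, "not requester");
        require(!t.closed, "already closed");
        require(block.timestamp > t.deadline, "deadline not reached");
        refund = uint256(t.validationsLeft) * t.validatorFee; // e.g. 3 of 6 unpaid => 3 fees back
        t.closed = true;       // state is updated before the external call
        t.validationsLeft = 0; // so a re-entrant or repeated cancel gets nothing
        require(feeToken.transfer(msg.sender, refund), "refund failed");
    }
}
```

Requiring the deadline to have passed before a cancel keeps the requester from withdrawing fees while validators are still working within the agreed window.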

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

There is no guarantee that task will be completed and buyerAgent will get a response to its purchaseRequest before the round ends, but that was already paid for
