`RAACHousePriceOracle.sol:fulfillRequest` & `RAACPrimeRateOracle.sol::fulfillRequest` should never revert, otherwise it can mislead protocol to stale prices
Summary
The Chainlink Function is a two-step solution in which a request is created and after some time, the request is fulfilled. The fulfillment happens through a callback which means it's a new transaction and not part of the request transaction.
Both contracts rely on Chainlink Functions to get RWA prices through external calls.
Vulnerability Details
The fulfillRequest function from both contracts have a revert statement to revert the transaction if the fulfillment has an error.
Chainlink Function errors not always are caused by endpoint problems. According to what computation you are performing, it can be caused by RPC oscillation, network conditions, etc and all you need to do is request again.
By reverting you are not handling the error correctly and only the fulfillment will revert, not the whole request.
Impact
In addition, the state variables will already have been updated, regardless of the callback's result. This can mislead the protocol into believing the requests are being fulfilled.
Tools Used
Code Review.
Recommendations
Handle the error properly and emit an event informing about the fulfillment failure so you can listen off-chain and start a new request ensuring the prices are updated correctly.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.