Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

When an error happens, `fulfillRequest()` fails silently

Summary

Vulnerability Details

According to the Chainlink `FunctionsClient` docs, `fulfillRequest()` is a:

  • User defined function to handle a response from the DON

  • Either response or error parameter will be set, but never both

https://docs.chain.link/chainlink-functions/api-reference/functions-client#fulfillrequest

Now let's see how `fulfillRequest()` is implemented in the `BaseChainlinkFunctionsOracle.sol` contract:

```solidity
function fulfillRequest(
    bytes32 requestId, // @audit-issue requestId not checked
    bytes memory response,
    bytes memory err
) internal override {
    s_lastResponse = response;
    // @audit-issue if an error happens then this function fails silently
    // https://docs.chain.link/chainlink-functions/api-reference/functions-client
    s_lastError = err;
    if (err.length == 0) {
        if (response.length == 0) {
            revert FulfillmentFailed();
        }
        _processResponse(response);
    }
}
```

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/oracles/BaseChainlinkFunctionsOracle.sol#L99-L113

From the above (the Chainlink docs), we know that either Error.length or Response.length != 0

  • When there is no error (i.e. `err.length == 0`)

    • Revert when there is no response

    • OR

    • `_processResponse`

  • When there is an error, nothing happens and the function ends silently

No events are emitted and no reverts happen when there is an error.

Impact

Tools Used

Manual review

Recommendations

Use something like an event or a revert to track the error.
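
One way to apply this recommendation, as an added example that is not code from the RAAC repository or from this submission: the error branch emits an event and the request id is checked before anything is stored. The contract names, `s_lastRequestId`, both events, `UnexpectedRequestId`, `expect` and `simulateFulfill` are assumptions made for illustration, and the handler is written without importing `FunctionsClient` so it compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not RAAC's code: same handler shape as the quoted
// fulfillRequest(), written without FunctionsClient so it compiles alone.
abstract contract FulfillmentHandlerSketch {
    bytes32 public s_lastRequestId; // assumption: recorded when a request is sent
    bytes public s_lastResponse;
    bytes public s_lastError;

    // Hypothetical names, except FulfillmentFailed which the quoted code uses.
    event FulfillmentErrored(bytes32 indexed requestId, bytes err);
    event FulfillmentProcessed(bytes32 indexed requestId);
    error FulfillmentFailed();
    error UnexpectedRequestId(bytes32 requestId);

    function _fulfill(bytes32 requestId, bytes memory response, bytes memory err) internal {
        // Reject callbacks for a request this contract is not waiting on.
        if (requestId != s_lastRequestId) revert UnexpectedRequestId(requestId);
        s_lastResponse = response;
        s_lastError = err;

        if (err.length != 0) {
            // Error path: no price update, but the failure is observable off-chain.
            emit FulfillmentErrored(requestId, err);
            return;
        }
        if (response.length == 0) revert FulfillmentFailed();
        _processResponse(response);
        emit FulfillmentProcessed(requestId);
    }

    function _processResponse(bytes memory response) internal virtual;
}

// Constructed harness so both branches can be exercised locally.
contract FulfillmentHandlerDemo is FulfillmentHandlerSketch {
    uint256 public lastPrice;

    function expect(bytes32 requestId) external { s_lastRequestId = requestId; }

    function simulateFulfill(bytes32 id, bytes calldata response, bytes calldata err) external {
        _fulfill(id, response, err);
    }

    function _processResponse(bytes memory response) internal override {
        lastPrice = abi.decode(response, (uint256));
    }
}
```

Calling `simulateFulfill` with a non-empty `err` leaves `lastPrice` unchanged and produces a `FulfillmentErrored` log that off-chain monitoring can alert on.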

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
