Weather Witness

First Flight #40
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: medium
Likelihood: low
Invalid

Failed Automation Registration in `WeatherNft.sol::fulfillMintRequest` Function Not Detected or Handled

Description

  • In the `Weather::fulfillMintRequest` function, when a user requests automated weather updates (`_userMintRequest.registerKeeper` is true), the contract attempts to register an upkeep with Chainlink Automation. However, the function does not verify that the registration was successful. The `registerUpkeep()` call can fail silently (e.g., due to insufficient LINK, invalid parameters, or issues with the registrar), returning an `upkeepId` of 0, which the contract stores without validation.

```solidity
@> upkeepId = IAutomationRegistrarInterface(s_keeperRegistrar).registerUpkeep(_keeperParams);
// No validation that upkeepId != 0
s_weatherNftInfo[tokenId] = WeatherNftInfo({
    heartbeat: _userMintRequest.heartbeat,
    lastFulfilledAt: block.timestamp,
    upkeepId: upkeepId, // Could be 0, indicating failure
    pincode: _userMintRequest.pincode,
    isoCode: _userMintRequest.isoCode
});
```

Impact:

Users who pay for automated weather updates (both ETH for minting and LINK for automation) may not receive the service they paid for. The NFT will be minted successfully, but the weather will never update automatically. This creates a deceptive user experience where:

  • Users transfer LINK tokens that are essentially wasted

  • The NFT appears to have automation enabled but will never update

  • Users have no indication that the automation registration failed

Proof of Concept:

If a user mints an NFT with automation and the registerUpkeep() call fails (returning 0), the contract will store an upkeepId of 0. Later, when Chainlink Automation attempts to execute updates, the corresponding upkeep won't exist, and the weather data will remain static.

Recommended Mitigation:

Add validation to ensure the upkeep registration was successful.

This ensures that if the automation registration fails, the entire transaction will revert, preventing users from paying for a service they won't receive and providing clear feedback about the failure.

upkeepId = IAutomationRegistrarInterface(s_keeperRegistrar).registerUpkeep(_keeperParams);
+ require(upkeepId != 0, "Upkeep registration failed");
s_weatherNftInfo[tokenId] = WeatherNftInfo({
// Rest of the struct initialization
upkeepId: upkeepId,
// Rest of the struct initialization
});
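
Review bot: the added `require(upkeepId != 0, "Upkeep registration failed")` can only fire if `registerUpkeep` reports failure by returning 0 instead of reverting, and nothing in these lines establishes that it does. Confirm the registrar's failure behavior before adding the check. If it stays, its placement before the `s_weatherNftInfo[tokenId]` write is the right one, so that a zero id is never stored.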
Updates

Appeal created

bube Lead Judge 5 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Keeper registration status is not checked

This is informational. It is not required for the keeper registration status to be checked, because if `registerUpkeep` fails, the whole transaction will revert: https://github.com/smartcontractkit/chainlink/blob/b5e5f8bccfdc764ccba4ce8f87ce28223426c667/contracts/src/v0.8/automation/v2_1/AutomationRegistrar2_1.sol#L213
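
The two failure modes at issue, side by side, as an added Foundry test that is not part of the submission, the judgement or the project: a registrar that reverts undoes the whole mint, while one that returns 0 silently would leave a zero id stored. `Minter`, `RevertingRegistrar`, `SilentRegistrar` and the one-argument `registerUpkeep` are hypothetical simplifications, not the WeatherNft or Chainlink contracts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-ins for illustration only.
interface IRegistrar {
    function registerUpkeep(uint256 linkAmount) external returns (uint256);
}

contract RevertingRegistrar is IRegistrar {
    function registerUpkeep(uint256) external pure returns (uint256) {
        revert("registration failed"); // failure signalled by reverting
    }
}

contract SilentRegistrar is IRegistrar {
    function registerUpkeep(uint256) external pure returns (uint256) {
        return 0; // failure signalled only through the return value
    }
}

contract Minter {
    IRegistrar public registrar;
    uint256 public minted;
    mapping(uint256 => uint256) public upkeepIdOf;

    constructor(IRegistrar r) { registrar = r; }

    function fulfill() external returns (uint256 tokenId) {
        tokenId = ++minted; // state written before the external call
        upkeepIdOf[tokenId] = registrar.registerUpkeep(1 ether); // unchecked
    }
}

contract RegistrationFailureTest is Test {
    function test_revertingRegistrarRollsBackMint() public {
        Minter m = new Minter(new RevertingRegistrar());
        vm.expectRevert(bytes("registration failed"));
        m.fulfill();
        assertEq(m.minted(), 0); // the revert bubbled up; nothing persisted
    }

    function test_silentRegistrarLeavesZeroId() public {
        Minter m = new Minter(new SilentRegistrar());
        uint256 id = m.fulfill();
        assertEq(m.upkeepIdOf(id), 0); // only this mode needs a != 0 check
    }
}
```

Which mode applies to a given registrar has to be read from its source, which is what the link in the judgement points to.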
