Weather Witness

First Flight #40
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: medium
Likelihood: medium
Invalid

Unchecked Keeper Registration Status in Weather NFT Contract

Description

The contract fails to validate the success of Chainlink Keeper registration, potentially leading to non-functional weather update automation.

Risk

Severity: Medium
Likelihood: Medium

Summary

When registering a Chainlink Keeper for automated weather updates, the contract doesn't verify if the registration was successful via the returned upkeepId.

Vulnerability Details

Root Cause:

    upkeepId = IAutomationRegistrarInterface(s_keeperRegistrar).registerUpkeep(_keeperParams);
    // No validation of upkeepId

Initial State:

  1. User requests NFT with automation enabled

  2. Pays additional LINK tokens for keeper registration

  3. Registration attempt occurs

Attack Scenario:

  1. User pays for automated updates

  2. Keeper registration fails silently

  3. upkeepId is stored without validation

  4. Weather updates never occur

  5. LINK tokens wasted

Proof of Concept

    // Test file demonstrating the vulnerability
    // Named without the `testFail` prefix, which older Foundry releases
    // treat as "this test is expected to fail".
    function test_FailedKeeperRegistration() public {
        // Setup mock registrar that returns 0 (failed registration)
        MockRegistrar mockRegistrar = new MockRegistrar();
        weatherNft.setKeeperRegistrar(address(mockRegistrar));

        // User attempts to mint with automation
        vm.startPrank(user);
        linkToken.approve(address(weatherNft), 1 ether);
        bytes32 reqId = weatherNft.requestMintWeatherNFT{value: 1 ether}(
            "123456",
            "US",
            true, // enable keeper
            3600,
            1 ether // LINK deposit
        );
        vm.stopPrank();

        // Fulfill request
        weatherNft.fulfillMintRequest(reqId);

        // Assert: Failed registration was not detected
        WeatherNftInfo memory nftInfo = weatherNft.s_weatherNftInfo(1);
        assertEq(nftInfo.upkeepId, 0); // Invalid upkeepId stored
    }

Impact

  • Failed automation setup goes undetected

  • Users lose LINK tokens

  • Weather updates don't occur

  • Poor user experience

  • System reliability compromised

Tools Used

  • Manual Review

Recommendations

Add proper validation for keeper registration:

    contract WeatherNft {
        using SafeERC20 for IERC20; // needed for safeTransfer below

        error WeatherNft__KeeperRegistrationFailed();
        event KeeperRegistrationFailed(bytes32 requestId);

        // Strict variant: revert the whole fulfillment on a zero upkeepId.
        function validateKeeperRegistration(uint256 upkeepId) internal pure {
            if (upkeepId == 0) revert WeatherNft__KeeperRegistrationFailed();
        }

        function fulfillMintRequest(bytes32 requestId) external {
            // ...existing code...
            if (_userMintRequest.registerKeeper) {
                // ...existing keeper registration code...
                upkeepId = IAutomationRegistrarInterface(s_keeperRegistrar)
                    .registerUpkeep(_keeperParams);

                // Refund variant: return the LINK deposit instead of reverting.
                // Calling validateKeeperRegistration(upkeepId) before this check
                // would revert first and leave the refund branch unreachable,
                // so use one variant or the other.
                if (upkeepId == 0) {
                    IERC20(s_link).safeTransfer(
                        _userMintRequest.user,
                        _userMintRequest.initLinkDeposit
                    );
                    emit KeeperRegistrationFailed(requestId);
                    return;
                }
            }
            // ...continue with NFT creation...
        }
    }

Updates

Appeal created

bube Lead Judge 10 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Keeper registration status is not checked

This is informational. It is not required that the keeper registration status be checked, because if `registerUpkeep` fails, the whole transaction will revert: https://github.com/smartcontractkit/chainlink/blob/b5e5f8bccfdc764ccba4ce8f87ce28223426c667/contracts/src/v0.8/automation/v2_1/AutomationRegistrar2_1.sol#L213
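
The two registrar failure modes discussed on this page, as an added Foundry test that is not part of the submission or the Weather Witness code base: a mock that returns 0 (as in the proof of concept) and a registrar that reverts (as the judge's comment describes). `IRegistrar`, `Consumer` and both registrar contracts are hypothetical stand-ins with a simplified `registerUpkeep` signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical, simplified registrar interface (the real one takes a params struct).
interface IRegistrar {
    function registerUpkeep(uint96 amount) external returns (uint256);
}

// Failure mode assumed by the proof of concept: return 0.
contract ZeroReturningRegistrar is IRegistrar {
    function registerUpkeep(uint96) external pure returns (uint256) { return 0; }
}

// Failure mode described in the judge's comment: revert.
contract RevertingRegistrar is IRegistrar {
    error RegistrationFailed();
    function registerUpkeep(uint96) external pure returns (uint256) { revert RegistrationFailed(); }
}

// Hypothetical consumer that stores the returned id unchecked, like the reported root cause.
contract Consumer {
    uint256 public upkeepId;
    bool public minted;

    function fulfill(IRegistrar registrar) external {
        upkeepId = registrar.registerUpkeep(1 ether);
        minted = true;
    }
}

contract RegistrarFailureModesTest is Test {
    function test_ZeroReturnIsStoredSilently() public {
        Consumer c = new Consumer();
        c.fulfill(new ZeroReturningRegistrar());
        assertEq(c.upkeepId(), 0); // zero id accepted
        assertTrue(c.minted());    // state committed anyway
    }

    function test_RevertRollsBackFulfillment() public {
        Consumer c = new Consumer();
        IRegistrar r = new RevertingRegistrar();
        vm.expectRevert(RevertingRegistrar.RegistrationFailed.selector);
        c.fulfill(r);
        assertFalse(c.minted()); // nothing was stored
    }
}
```

The unchecked return value only leads to silently stored state when the registrar signals failure by returning 0; when it reverts, the caller's whole transaction is rolled back.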
