Function WeatherNft::fulfillMintRequest does not take into account already fulfilled mint requests
Description
Function WeatherNft::fulfillMintRequest can be called using an id of already processed request. This allows to mint an NFT for free. In addition, the new minted NFT will not affect current mint price that must increase with each new NFT.
Risk
Likelihood: High
User can use any minted NFT request id to mint an NFT for free
Impact: High
Users can mint as many NFTs as they want for free
If the original request was created with
registerKeeperset totrue, a new Chainlink automation is registered with each new minted NFT. Since LINK is transferred only once inWeatherNft::requestMintWeatherNFT, all other automations will spend LINK without any additional deposits. An attacker can repeatedly mint NFTs withregisterKeeperset to true and waste all contract LINK
Recommended Mitigation
Function WeatherNft::fulfillMintRequest must revert if the request with passed id is already fulfilled.
Appeal created
Multiple tokens for one `requestId`
The `WeatherNFT::fulfillMintRequest` allows a malicious user to call multiple times the function with the same `requestId`.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.