Weather Witness

First Flight #40
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

Functions `WeatherNft::fulfillMintRequest` and `WeatherNft::_fulfillWeatherUpdate` return silently after the Chainlink Functions response check.

Description:
`WeatherNft::fulfillMintRequest` and `WeatherNft::_fulfillWeatherUpdate` check the length of the Chainlink Functions response and of the error message, and when either check fails they return from the function without giving any reason.

On `WeatherNft::fulfillMintRequest`:

```solidity
function fulfillMintRequest(bytes32 requestId) external {
    require(msg.sender == s_reqIdToUser[requestId], "Invalid user");
    bytes memory response = s_funcReqIdToMintFunctionReqResponse[requestId].response;
    bytes memory err = s_funcReqIdToMintFunctionReqResponse[requestId].err;
    require(response.length > 0 || err.length > 0, WeatherNft__Unauthorized());
@>  if (response.length == 0 || err.length > 0) {
@>      return;
@>  }
    UserMintRequest memory _userMintRequest = s_funcReqIdToUserMintReq[requestId];
    // ...
```

On `WeatherNft::_fulfillWeatherUpdate`:

```solidity
function _fulfillWeatherUpdate(bytes32 requestId, bytes memory response, bytes memory err) internal {
@>  if (response.length == 0 || err.length > 0) {
@>      return;
@>  }
    uint256 tokenId = s_funcReqIdToTokenIdUpdate[requestId];
    // ...
```

Impact:
The user never learns which problem in the Chainlink Functions response caused the early return.

Recommended Mitigation:
Revert with a concise reason for the failure.

On `WeatherNft::fulfillMintRequest`:

```diff
function fulfillMintRequest(bytes32 requestId) external {
require(msg.sender == s_reqIdToUser[requestId], "Invalid user");
bytes memory response = s_funcReqIdToMintFunctionReqResponse[requestId].response;
bytes memory err = s_funcReqIdToMintFunctionReqResponse[requestId].err;
require(response.length > 0 || err.length > 0, WeatherNft__Unauthorized());
- if (response.length == 0 || err.length > 0) {
- return;
- }
+ if (response.length == 0) {
+ require(false, "Response Empty");
+ } else if (err.length > 0) {
+ require(false, string(err));
+ }
UserMintRequest memory _userMintRequest = s_funcReqIdToUserMintReq[requestId];
.
.
```
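Review bot: `require(false, "Response Empty")` and `require(false, string(err))` in the added lines are the same as a plain `revert("Response Empty")` / `revert(string(err))`; the `revert` form is the idiomatic way to express an unconditional failure and is what readers expect to see in a branch that has already decided to abort. A custom error carrying the raw `err` bytes would also avoid the `string(err)` cast and keep the oracle's message available to off-chain tooling unchanged.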

On `WeatherNft::_fulfillWeatherUpdate`:

```diff
function _fulfillWeatherUpdate(bytes32 requestId, bytes memory response, bytes memory err) internal {
- if (response.length == 0 || err.length > 0) {
- return;
- }
+ if (response.length == 0) {
+ require(false, "Response Empty");
+ } else if (err.length > 0) {
+ require(false, string(err));
+ }
uint256 tokenId = s_funcReqIdToTokenIdUpdate[requestId];
.
.
```

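Review bot: the order of the two added branches masks the more useful message. When the oracle reports an error it typically also returns an empty response, so `response.length == 0` is hit first and the caller sees only "Response Empty" while the actual `err` bytes are never surfaced. Checking `err.length > 0` before the empty-response check would report the oracle's own reason whenever one is available.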
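The difference between the silent return and an explicit revert is easiest to see in a Foundry test. The following is an added example, not code from the Weather Witness codebase: `SilentFulfiller` and `RevertingFulfiller` are hypothetical minimal stand-ins for the two fulfilment functions, the custom errors `ResponseEmpty` and `OracleError` are my own choice in place of the `require(false, ...)` strings shown above, and the request id and error bytes are constructed values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for the vulnerable pattern: the only observable
/// effect is the stored response, so a caller cannot tell "oracle failed"
/// apart from "nothing happened".
contract SilentFulfiller {
    mapping(bytes32 => bytes) public stored;

    function fulfill(bytes32 requestId, bytes memory response, bytes memory err) external {
        // Silent early return, as in the finding: no revert, no reason, no state change.
        if (response.length == 0 || err.length > 0) {
            return;
        }
        stored[requestId] = response;
    }
}

/// Hypothetical hardened form: every failure path reverts with a typed reason.
/// The oracle's raw err bytes travel inside the custom error, so off-chain
/// tooling can decode them without a string cast.
contract RevertingFulfiller {
    error ResponseEmpty(bytes32 requestId);
    error OracleError(bytes32 requestId, bytes err);

    mapping(bytes32 => bytes) public stored;

    function fulfill(bytes32 requestId, bytes memory response, bytes memory err) external {
        // Check err first: an oracle error usually comes with an empty response,
        // and the oracle's message is the more useful one to surface.
        if (err.length > 0) revert OracleError(requestId, err);
        if (response.length == 0) revert ResponseEmpty(requestId);
        stored[requestId] = response;
    }
}

contract FulfillerTest is Test {
    SilentFulfiller internal silent;
    RevertingFulfiller internal reverting;

    // Constructed values for the test; not taken from any real request.
    bytes32 internal constant REQ = keccak256("constructed-request-id");
    bytes internal constant ORACLE_ERR = "simulated oracle failure";

    function setUp() public {
        silent = new SilentFulfiller();
        reverting = new RevertingFulfiller();
    }

    // The call succeeds from the caller's point of view, yet nothing was written:
    // the oracle failure is invisible on-chain.
    function test_silentReturnHidesOracleError() public {
        silent.fulfill(REQ, "", ORACLE_ERR);
        assertEq(silent.stored(REQ).length, 0);
    }

    // The hardened form reverts and the revert data carries the oracle's message.
    function test_revertCarriesOracleError() public {
        vm.expectRevert(abi.encodeWithSelector(RevertingFulfiller.OracleError.selector, REQ, ORACLE_ERR));
        reverting.fulfill(REQ, "", ORACLE_ERR);
    }

    // An empty response with no error is reported as its own distinct failure.
    function test_revertOnEmptyResponse() public {
        vm.expectRevert(abi.encodeWithSelector(RevertingFulfiller.ResponseEmpty.selector, REQ));
        reverting.fulfill(REQ, "", "");
    }

    // The happy path is unchanged: a non-empty response with no error is stored.
    function test_happyPathStoresResponse() public {
        reverting.fulfill(REQ, hex"01", "");
        assertEq(reverting.stored(REQ), hex"01");
    }
}
```

Run with `forge test` in a Foundry project that has `forge-std` installed. The first test is the one that matters for this finding: it passes without any revert, which is exactly why the user in the report has no way of knowing what went wrong. The `err`-before-`response` ordering in `RevertingFulfiller` is my own design choice; it prevents a generic "empty response" message from hiding the oracle's actual error when both conditions hold at once.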
Updates

Appeal created

bube Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lost fee in case of Oracle failure

If Oracle fails, the `fulfillMintRequest` function will not return the paid fee for the token to the user.
