Submission Details
Impact:
Likelihood:
Missing validation of a minimum Link amount for Chainling Keepers cause revert when `performUpkeep`
Missing validation of a minimum Link amount for Chainling Keepers cause revert when performUpkeep
Description:
WeatherNft::requestMintWeatherNFT function allow 0 like _initLinkDeposit param causing a fail when chainlink keepers try to execute performUpkeep
function requestMintWeatherNFT(
string memory _pincode,
string memory _isoCode,
bool _registerKeeper,
uint256 _heartbeat,
@> uint256 _initLinkDeposit
) external payable returns (bytes32 _reqId) {
require(msg.value == s_currentMintPrice, WeatherNft__InvalidAmountSent());
s_currentMintPrice += s_stepIncreasePerMint;
if (_registerKeeper) {
IERC20(s_link).safeTransferFrom(msg.sender, address(this), _initLinkDeposit);
}
_reqId = _sendFunctionsWeatherFetchRequest(_pincode, _isoCode);
emit WeatherNFTMintRequestSent(msg.sender, _pincode, _isoCode, _reqId);
s_funcReqIdToUserMintReq[_reqId] = UserMintRequest({
user: msg.sender,
pincode: _pincode,
isoCode: _isoCode,
registerKeeper: _registerKeeper,
heartbeat: _heartbeat,
initLinkDeposit: _initLinkDeposit
});
}
Impact:
Every keeper's execution fails bacause the gas consummed for it can't be 0.
Recommended Mitigation:
Check and revert if _initLinkDeposit param is 0
function requestMintWeatherNFT(
string memory _pincode,
string memory _isoCode,
bool _registerKeeper,
uint256 _heartbeat,
uint256 _initLinkDeposit
) external payable returns (bytes32 _reqId) {
require(msg.value == s_currentMintPrice, WeatherNft__InvalidAmountSent());
+ require(_initLinkDeposit > 0, "Init Link deposit can't be 0");
s_currentMintPrice += s_stepIncreasePerMint;
if (_registerKeeper) {
IERC20(s_link).safeTransferFrom(msg.sender, address(this), _initLinkDeposit);
}
.
.
.
Updates
Appeal created
bube 5 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
[Invalid] The LINK deposit is not checked
This is informational/invalid. If the LINK deposit is not enough, the function `registerUpkeep` will revert and it is responsibility of the user to provide the correct amount of `_initLinkDeposit`, if the user wants automated weather updates.
Rewards breakdown
nSLOC
236This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.