Weather Witness

First Flight #40
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: low
Likelihood: medium
Invalid

## WeatherNft.sol ## [ _registerKeeper check ]

Root + Impact

Description

The requestMintWeatherNFT function does not check whether a keeper is already registered before attempting to register them again. If a user calls the function with _registerKeeper = true, and the address has already been registered as a keeper previously, it could result in:

  • duplicate registrations

  • LINK token transfer waste

  • potential overwrites of keeper-related logic or data

This missing check undermines the assumption that each keeper is unique and registered only once.

@> if (_registerKeeper) {
       IERC20(s_link).safeTransferFrom(
           msg.sender,
           address(this),
           _initLinkDeposit
       );
   }

Risk

Likelihood:

  • A user may repeatedly call requestMintWeatherNFT with _registerKeeper = true, either by accident or maliciously.

  • The contract currently has no internal check preventing this, so it allows LINK transfers and stores duplicate keeper intents.

Impact:

  • Keeper registry corruption: if additional logic is built around registeredKeepers, unexpected overwrites may occur.

  • Wasted LINK: repeated safeTransferFrom calls drain the user's LINK balance.

  • Inconsistent behavior: contract functions relying on single-registration assumptions may malfunction.

Proof of Concept

Recommended Mitigation

Add a mapping(address => bool) to track registered keepers and a helper function isKeeperRegistered(address) to check the registration status. Then, update the requestMintWeatherNFT function to revert if the caller is already registered before proceeding with the keeper registration logic.

if (_registerKeeper) {
- IERC20(s_link).safeTransferFrom(
- msg.sender,
- address(this),
- _initLinkDeposit
- );
- }
+ mapping(address => bool) public registeredKeepers;
+ function isKeeperRegistered(address keeper) public view returns (bool) {
+ return registeredKeepers[keeper];
+ }
+ if (_registerKeeper) {
+ require(!isKeeperRegistered(msg.sender), "Keeper already registered");
+ IERC20(s_link).safeTransferFrom(
+ msg.sender,
+ address(this),
+ _initLinkDeposit
+ );
+ registeredKeepers[msg.sender] = true;
+ }
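
Review bot: The added `mapping(address => bool) public registeredKeepers;` and `function isKeeperRegistered(...)` are placed directly under the unchanged `if (_registerKeeper) {` context line, inside the body of requestMintWeatherNFT, where a state variable and a function cannot be declared. Because the original closing `}` is removed and a second `+ if (_registerKeeper) {` is added while the first one stays as context, applying the patch literally also leaves a duplicated, unbalanced `if`. Split this into two hunks: one at contract scope for the mapping and the view function, and one in the function body that only adds the `require` and the flag write. In the body, set `registeredKeepers[msg.sender] = true;` before the `safeTransferFrom` call rather than after it, so the state change precedes the external call. Note also that the `require` reverts the whole call for any address that has registered once, so confirm that blocking every later call with `_registerKeeper = true` from the same address is the intended behaviour.
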
Updates

Appeal created

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
