The requestMintWeatherNFT function includes logic to collect LINK from the user if _registerKeeper is true, as shown below:
However, this contradicts the intended design of Chainlink Functions, which does not require contracts to transfer LINK directly in order to fund requests. Instead, a subscription account funded off-chain pays for the oracle services.
See the Chainlink docs on subscription management:
https://docs.chain.link/chainlink-functions/resources/architecture#subscription-management
Users are incorrectly required to send LINK manually, which can lead to users' funds being lost or stuck in the contract.
Likelihood:
This will happen whenever a user calls requestMintWeatherNFT to mint the weather NFT.
Impact:
Users are incorrectly required to send LINK manually, leading to confusion and higher friction.
The contract unnecessarily holds LINK, increasing its attack surface.
This may result in wasted gas, broken flows, and a poor user experience.
It could break compatibility with future Chainlink Functions updates or best practices.
Read the documentation at https://docs.chain.link/chainlink-functions/resources/architecture#subscription-management
Remove the LINK transfer logic (safeTransferFrom) from the contract.
Manage the subscription off-chain and ensure this contract is a registered consumer of that subscription.
You may keep _registerKeeper and _initLinkDeposit for off-chain UI tracking, but they should not result in on-chain LINK movement unless explicitly needed for other non-Chainlink-related logic.
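The following is an added illustration of the recommended pattern; it is not the audited contract's code. It assumes the Chainlink Functions v1 client library layout (FunctionsClient and the FunctionsRequest library) and stubs the minting logic with an event. The function name requestMintWeatherNFT and the _registerKeeper flag come from the finding; everything else (contract name, constructor parameters, the keeperRequested mapping) is assumed for the example. The request is billed to a subscription ID configured at deployment, so no LINK is pulled from the caller and none accumulates in the contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not the audited contract. Assumes the Chainlink Functions
// v1 client library; the weather-NFT minting step is replaced by an event.
import {FunctionsClient} from "@chainlink/contracts/src/v0.8/functions/v1_0_0/FunctionsClient.sol";
import {FunctionsRequest} from "@chainlink/contracts/src/v0.8/functions/v1_0_0/libraries/FunctionsRequest.sol";

contract WeatherNftSubscriptionFunded is FunctionsClient {
    using FunctionsRequest for FunctionsRequest.Request;

    uint64 public immutable subscriptionId;   // funded and managed off-chain, contract added as consumer
    bytes32 public immutable donId;
    uint32 public constant CALLBACK_GAS_LIMIT = 300_000;
    string public source;                     // inline JavaScript executed by the DON

    // Kept only as metadata for off-chain tooling: no LINK moves on-chain because of it.
    mapping(bytes32 => bool) public keeperRequested;
    mapping(bytes32 => address) public requester;

    event WeatherRequested(bytes32 indexed requestId, address indexed user, bool registerKeeper);
    event WeatherFulfilled(bytes32 indexed requestId, bytes response, bytes err);

    constructor(address router, uint64 _subscriptionId, bytes32 _donId, string memory _source)
        FunctionsClient(router)
    {
        subscriptionId = _subscriptionId;
        donId = _donId;
        source = _source;
    }

    /// Before (the pattern the finding describes): LINK was pulled from msg.sender via
    /// safeTransferFrom when _registerKeeper was true, so LINK sat in this contract.
    /// After: the request is paid by the subscription; the flag is only recorded.
    function requestMintWeatherNFT(string[] calldata args, bool _registerKeeper)
        external
        returns (bytes32 requestId)
    {
        FunctionsRequest.Request memory req;
        req.initializeRequestForInlineJavaScript(source);
        if (args.length > 0) {
            req.setArgs(args);
        }

        // Billing happens against subscriptionId on the Functions router.
        requestId = _sendRequest(req.encodeCBOR(), subscriptionId, CALLBACK_GAS_LIMIT, donId);

        requester[requestId] = msg.sender;
        keeperRequested[requestId] = _registerKeeper;
        emit WeatherRequested(requestId, msg.sender, _registerKeeper);
    }

    /// Called by the router with the DON's result; minting would be done here.
    function fulfillRequest(bytes32 requestId, bytes memory response, bytes memory err)
        internal
        override
    {
        emit WeatherFulfilled(requestId, response, err);
    }
}
```

Because the contract never calls safeTransferFrom on the LINK token, there is no path by which user LINK becomes stuck in it; if a subscription runs dry, _sendRequest reverts at the router rather than leaving funds behind.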