Weather Witness

First Flight #40

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: medium

Invalid

Excessive Gas Usage Due to Low Heartbeat

demigods

Root + Impact

Description
The contract allows users to set a very low heartbeat value, causing excessive upkeep calls

The `requestMintWeatherNFT` function does not enforce a minimum heartbeat value.

function requestMintWeatherNFT(

string memory _pincode,

string memory _isoCode,

bool _registerKeeper,

uint256 _heartbeat,

uint256 _initLinkDeposit

) external payable returns (bytes32 _reqId) {

require(

msg.value == s_currentMintPrice,

WeatherNft__InvalidAmountSent()

);

Risk

Initial State: A user sets a 1-second heartbeat during minting.
Step 1: The upkeep function is triggered excessively.
Outcome: This causes gas congestion and high costs.
Implications: This can lead to network instability and inefficiency.

Impact:
Affected Parties: NFT owners and the Ethereum network.
How They Are Affected: Owners face high costs, and the network experiences congestion.

Recommended Mitigation
A constant `MIN_HEARTBEAT` is defined to set the minimum allowable heartbeat value (e.g., 60 seconds).

The require statement ensures that _heartbeat is greater than or equal to MIN_HEARTBEAT.
If the condition is not met, the transaction reverts with the error message "WeatherNft__HeartbeatTooLow"

function requestMintWeatherNFT(

string memory _pincode,

string memory _isoCode,

bool _registerKeeper,

uint256 _heartbeat,

uint256 _initLinkDeposit

) external payable returns (bytes32 _reqId) {

require(

msg.value == s_currentMintPrice,

WeatherNft__InvalidAmountSent()

);

// Enforce a minimum heartbeat value

uint256 MIN_HEARTBEAT = 60; // Minimum heartbeat of 60 seconds

require(

_heartbeat >= MIN_HEARTBEAT,

"WeatherNft__HeartbeatTooLow"

);

Updates

Appeal created

bube Lead Judge 6 days ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

[Invalid] Lack of input validation in `requestMintWeatherNFT`

This is informational. It is user's responsibility to provide correct input arguments. If the user provides incorrect arguments, it will lead to incorrect results, lost funds or failed transaction.

Rewards breakdown

nSLOC

236

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Weather Witness

Excessive Gas Usage Due to Low Heartbeat

Root + Impact

Description The contract allows users to set a very low heartbeat value, causing excessive upkeep calls

The requestMintWeatherNFT function does not enforce a minimum heartbeat value.

Risk

Recommended Mitigation A constant MIN_HEARTBEAT is defined to set the minimum allowable heartbeat value (e.g., 60 seconds).

Appeal created

[Invalid] Lack of input validation in `requestMintWeatherNFT`

Rewards breakdown

Live

Judging

Appeals

Appeals Review

Rewards Distribution

FAQs

Description
The contract allows users to set a very low heartbeat value, causing excessive upkeep calls

The `requestMintWeatherNFT` function does not enforce a minimum heartbeat value.

Recommended Mitigation
A constant `MIN_HEARTBEAT` is defined to set the minimum allowable heartbeat value (e.g., 60 seconds).