fulfillMintRequest
Allows Interference with MintingNormal Behavior: Only the Chainlink router should call fulfillMintRequest
after a valid oracle response.
Issue: The function lacks an onlyRouter
check, so any address can call it after a response is set.
CopyEdit
Likelihood:
After a valid oracle response is stored, any address can call the function.
Impact:
Malicious actors can interfere with minting and keeper logic.
Could lead to gas wastage or contract state corruption.
There is no check to ensure that the caller of the `fulfillMintRequest` function is actually the owner of the `requestId`. This allows a malicious user to receive a NFT that is payed from someone else.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.