fulfillMintRequest Allows Interference with Minting

Normal Behavior: Only the Chainlink router should call fulfillMintRequest after a valid oracle response.

Issue: The function lacks an onlyRouter check, so any address can call it after a response is set.
Likelihood:
After a valid oracle response is stored, any address can call the function.
Impact:
Malicious actors can interfere with minting and keeper logic.
Could lead to gas wastage or contract state corruption.
There is no check to ensure that the caller of the `fulfillMintRequest` function is actually the owner of the `requestId`. This allows a malicious user to receive an NFT that was paid for by someone else.
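The two findings above describe the same missing gates from two angles: no caller restriction on fulfilment, and no link between the caller and the account that paid for the requestId. The contract below is an added illustration, not the audited project's code; the contract name, storage layout, the requestMint / handleOracleResponse entry points and the minimal token registry are assumptions chosen only to put the vulnerable shape of fulfillMintRequest next to a hardened one that adds an onlyRouter gate, mints to the recorded requester rather than msg.sender, and refuses repeated fulfilment of the same requestId.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract written for this page; names and storage are assumptions.
contract MintRequestExample {
    address public immutable router;   // assumed: the Chainlink router address
    uint256 private nextTokenId;

    struct Request {
        address requester;  // account that paid for and owns this requestId
        bytes response;     // oracle response stored by the router callback
        bool fulfilled;     // set once a token has been issued for this request
    }

    mapping(bytes32 => Request) public requests;
    mapping(uint256 => address) public ownerOf; // minimal token registry (assumed)

    error OnlyRouter();
    error UnknownRequest();
    error NoResponseYet();
    error AlreadyFulfilled();

    event MintFulfilled(bytes32 indexed requestId, address indexed to, uint256 tokenId);

    modifier onlyRouter() {
        if (msg.sender != router) revert OnlyRouter();
        _;
    }

    constructor(address _router) {
        router = _router;
    }

    // Assumed entry point: records which account owns the requestId.
    // Payment handling is omitted; only the ownership record matters here.
    function requestMint(bytes32 requestId) external payable {
        requests[requestId].requester = msg.sender;
    }

    // Assumed router callback: only the router may store the oracle response.
    function handleOracleResponse(bytes32 requestId, bytes calldata response) external onlyRouter {
        requests[requestId].response = response;
    }

    // VULNERABLE shape from the finding: no caller restriction and no ownership
    // check. Once a response is stored, any address can trigger the mint, and
    // the token goes to whoever calls rather than to the requester who paid.
    function fulfillMintRequest_vulnerable(bytes32 requestId) external {
        Request storage r = requests[requestId];
        if (r.response.length == 0) revert NoResponseYet();
        _mint(msg.sender, requestId);
    }

    // HARDENED shape: the router gate closes the "any address can call" path,
    // minting to the recorded requester removes the "paid by someone else"
    // problem, and the fulfilled flag stops repeated calls from re-minting.
    // If the design instead lets users trigger fulfilment themselves, replace
    // onlyRouter with a check that msg.sender == r.requester.
    function fulfillMintRequest(bytes32 requestId) external onlyRouter {
        Request storage r = requests[requestId];
        if (r.requester == address(0)) revert UnknownRequest();
        if (r.response.length == 0) revert NoResponseYet();
        if (r.fulfilled) revert AlreadyFulfilled();
        r.fulfilled = true;            // effects before interactions
        _mint(r.requester, requestId);
    }

    function _mint(address to, bytes32 requestId) internal {
        uint256 tokenId = ++nextTokenId;
        ownerOf[tokenId] = to;
        emit MintFulfilled(requestId, to, tokenId);
    }
}
```

The ordering inside the hardened function matters: the fulfilled flag is set before the mint so that a re-entrant or repeated call sees the updated state, and the unknown-request check comes first so that a requestId nobody paid for cannot mint to the zero address.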