Weather Witness

First Flight #40

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Potential DOS

perun84

Root + Impact

Description

If user wants to mint NFT with upkeep updates, contract calls IAutomationRegistrarInterface function which registers upkeeper.
If IAutomationRegistrarInterface is failing and reverting (due to registrar misconfiguration, lack of LINK, or external issues), NFT won't be minted even user paid for it and functions did the job.

triggerConfig: "",

offchainConfig: "",

amount: uint96(_userMintRequest.initLinkDeposit)

});

@> upkeepId = IAutomationRegistrarInterface(s_keeperRegistrar)

.registerUpkeep(_keeperParams);

}

Risk

Likelihood:

This occurs whenever the Chainlink Keeper registrar is unavailable, misconfigured, out of LINK, or otherwise fails to process the registration.
Any external or temporary issue with the registrar can block all NFT mints that request upkeep, regardless of the contract's own correctness.

Impact:

Users can be denied NFTs they paid for, leading to loss of funds and trust.
An external dependency (the registrar) can cause a denial of service for core contract functionality.

Proof of Concept

User requests to mint an NFT with upkeep enabled
Chainlink Functions fulfills the weather request successfully
User calls fulfillMintRequest with the returned reqId
Suppose the Chainlink Keeper registrar is misconfigured, out of LINK, or otherwise fails
Result: The NFT is NOT minted, even though the user paid and the oracle succeeded.

Conclusion: The user cannot claim their NFT until the registrar issue is resolved.

weatherNft.requestMintWeatherNFT("125001", "IN", true, 12 hours, 5e18);

weatherNft.fulfillMintRequest(reqId);

Recommended Mitigation

Put register upkeep inside try catch -> In case of failure, emit event and continue minting NFT.

+ event KeeperRegistrationFailed(uint256 tokenId, bytes32 requestId);

//rest of existing code

- upkeepId = IAutomationRegistrarInterface(s_keeperRegistrar)

- .registerUpkeep(_keeperParams);

+ try IAutomationRegistrarInterface(s_keeperRegistrar).registerUpkeep(_keeperParams) returns (uint256 _upkeepId) {

+ upkeepId = _upkeepId;

+ } catch {

+ emit KeeperRegistrationFailed(tokenId, requestId);

+ upkeepId = 0;

+ }

Updates

Appeal created

bube Lead Judge 23 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Lost fee in case of Oracle failure

If Oracle fails, the `fulfillMintRequest` function will not return the payed fee for the token to the user.

Rewards breakdown

nSLOC

236

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.