Closed code423n4 closed 1 year ago
This is desired behavior. If one of the conditions which cause revert occurs, we don't want that requestID response to be sent again
gzeon-c4 marked the issue as unsatisfactory: Invalid
@trust1995 I read this as the service won't be calling again not only for that specific request. Can't find a good source to confirm this, do you have something I could check? thanks
Lines of code
https://github.com/code-423n4/2022-12-forgeries/blob/main/src/VRFNFTRandomDraw.sol#L234-L243
Vulnerability details
The
VRFNFTRandomDraw
contract implements the Chainlink VFR feature to pull random data to select the raffle winner. As per their security guidelines the implementation of thefulfillRandomWords
function must not revert.Impact
If the
fulfillRandomWords
function reverts, then the service won't attempt to call it again, which will prevent it from pulling random data into the contract. As per the cited docs:PoC - Code Snippet
If
_requestId != request.currentChainlinkRequestId
or_randomWords.length != wordsRequested
thefulfillRandomWords
function will revert:https://github.com/code-423n4/2022-12-forgeries/blob/main/src/VRFNFTRandomDraw.sol#L234-L243
Recommendation
If
_requestId
or_randomWords
aren't as expected, then ignore the response instead of reverting. If something goes wrong, thenredraw
can be called (after the draw timelock passes) to trigger a new request.