No Chainlink error handling in case of ethereums gas prices increasing or subscription running out of Link.

[c4-submissions]

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/RandomizerVRF.sol#L19

Vulnerability details

Impact

Any collections making use of the ChainLink VRF2 randomizer could potentially get 0x0 hashes for their nfts. Due to uint32 public callbackGasLimit = 40000; being hardcoded, any gas fluctuations on Ethereum main net, could potentially not be enough for the oracle to perform the callback & give the minted nfts their unique hashes. Users are also allowed to mint nfts, if the subscription has run out of Link, guaranteeing a 0x0 hash. This could be specially terrible, if users decide to mint in high amounts or the max allowed amount per wallet, for all the minted nfts will have the same hash.

Tools Used

Remix, Hardhat, Foundry

Recommended Mitigation Steps

Add proper error handling for situations where subscriptions or oracle callbacks might be delayed or never occur.

Assessed type

Oracle

[c4-pre-sort]

141345 marked the issue as duplicate of #1307

[c4-judge]

alex-ppg marked the issue as unsatisfactory: Invalid