Hooks.wtf

Random Number Generators

Chainlink.sol

[MEDIUM] Missing Zero Address Validation when setting VRF data

When calling setVRFData, there is no data validation for any of the parameters. This could result in the Chainlink contract calls all reverting if the data is empty or malformed.

It wouldn't be logical to test every parameter, but to ensure empty bytes have not been passed, we would recommend checking at least one parameter is non-zero.

We would recommend checking the requestConfirmations as a zero value for a gas efficient check.

function setVRFData(VRFData memory _vrfData) public onlyOwner {
  if (_vrfData.requestConfirmations == 0) {
    revert InvalidVRFData(_vrfData.requestConfirmations);
  }
  
  // ..
}
Previous
SlabMachine.sol
Next
ProofOfPlay.sol