Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Valid

LLMOracleCoordinator's validate will revert for valid requests due to underflow while computing variance

Summary

An underflow while computing the variance causes valid requests to revert.

Vulnerability Details

The subtraction data[i] - mean underflows whenever an element is smaller than the mean, e.g. [1,2,3]; mean = 2; 1 - 2 underflows.

function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
    mean = avg(data);
    uint256 sum = 0;
    for (uint256 i = 0; i < data.length; i++) {
        uint256 diff = data[i] - mean; // @audit underflow, e.g. [1,2,3]; mean = 2; 1 - 2 underflows
        sum += diff * diff;
    }
    ans = sum / data.length;
}
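
The failure mode above, modelled as an added example (not code from the submission or from the Swan codebase): a Python model of checked uint256 arithmetic, as in Solidity 0.8 and later, comparing the original subtraction with an absolute-difference variant. It assumes avg() is the integer floor mean, whose body is not shown on the page; Revert, checked_sub, checked_mul, reverts and SAMPLES are hypothetical names.

```python
# Added example: Python model of Solidity >=0.8 checked uint256 arithmetic.
UINT256_MAX = 2**256 - 1

class Revert(Exception):
    """Models an arithmetic revert (checked underflow or overflow)."""

def checked_sub(a, b):
    if b > a:
        raise Revert(f"underflow: {a} - {b}")
    return a - b

def checked_mul(a, b):
    if a * b > UINT256_MAX:
        raise Revert(f"overflow: {a} * {b}")
    return a * b

def avg(data):
    # Assumption: avg() is the integer (floor) mean; its body is not on the page.
    return sum(data) // len(data)

def variance_original(data):
    mean, total = avg(data), 0
    for x in data:
        diff = checked_sub(x, mean)  # reverts as soon as x < mean
        total += checked_mul(diff, diff)
    return total // len(data), mean

def variance_fixed(data):
    mean, total = avg(data), 0
    for x in data:
        # Absolute difference: always subtract the smaller from the larger.
        diff = checked_sub(x, mean) if x >= mean else checked_sub(mean, x)
        total += checked_mul(diff, diff)
    return total // len(data), mean

def reverts(fn, data):
    try:
        fn(data)
        return False
    except Revert:
        return True

# Constructed score sets, not taken from the contract's tests.
SAMPLES = [[1, 2, 3], [5, 5, 5], [1, 2], [4, 1, 4]]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "original reverts:", reverts(variance_original, s),
              "fixed (variance, mean):", variance_fixed(s))
```

In this model the original only survives inputs where no element is below the floor mean, such as identical scores or [1, 2]; any wider spread reverts.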

Impact

The validate function will revert when it is supposed to pass.

Tools Used

Recommendations

function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
mean = avg(data);
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
- uint256 diff = data[i] - mean;
+ uint256 diff = data[i] >= mean ? data[i] - mean : mean - data[i];
sum += diff * diff;
}
ans = sum / data.length;
}
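Review bot: nothing accompanying the ternary on the + line pins the new behaviour down; add a regression test that calls variance with an element below the mean (for example [1,2,3]) and asserts that it returns instead of reverting. Separately, diff * diff and sum += diff * diff in the unchanged context are still checked arithmetic, so sufficiently large score values would still revert in this loop; if scores are bounded before they reach variance, note that bound in a comment next to the loop, otherwise enforce it there.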
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Underflow in computing variance
