Submission Details
Severity:
LLMOracleCoordinator`s validate will revert for valid reqeust due to underflow while computing variance
Summary
Underflow inside computing variance will cause valid request to revert
Vulnerability Details
underflow e.x. [1,2,3]; mean = 2; 1 - 2 underflow
function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
mean = avg(data);
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
uint256 diff = data[i] - mean; // @audit underflow e.x. [1,2,3]; mean = 2; 1 - 2 underflow
sum += diff * diff;
}
ans = sum / data.length;
}
Impact
validate function wil revert when it suppose to pass.
Tools Used
Recommendations
function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
mean = avg(data);
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
- uint256 diff = data[i] - mean;
+ uint256 diff = data[i] >= mean ? data[i] - mean : mean - data[i];
sum += diff * diff;
}
ans = sum / data.length;
}
Updates
Lead Judging Commences
inallhonesty 8 months ago
Submission Judgement Published Assigned finding tags:
Underflow in computing variance
Prize pool breakdown
Total prize
21,000 USDC
nSLOC
1,03420 USDC / LOC
20,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.