Dria

Swan
NFTHardhat
21,000 USDC
Submission Details
Severity: low
Invalid

Missing parameter checks in the `setParameters` function

Vulnerability Description

The vulnerability in the provided Solidity contract lies in the `setParameters` function of `LLMOracleManager`:

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleManager.sol#L126

```solidity
function setParameters(LLMOracleTaskParameters calldata minimums, LLMOracleTaskParameters calldata maximums)
    public
    onlyOwner
{
    minimumParameters = minimums;
    maximumParameters = maximums;
}
```

This function lets the owner set `minimumParameters` and `maximumParameters` without any check that each minimum is less than or equal to its corresponding maximum. The missing validation should guarantee that `minimumParameters.difficulty`, `numGenerations` and `numValidations` never exceed the matching fields of `maximumParameters`.

As a result, the owner could, intentionally or by mistake, set the minimums above the maximums. Since no value can then satisfy both bounds at once, this could disrupt the contract's operation, potentially making it impossible to create valid tasks or causing unexpected behaviour.

Steps to Exploit the Vulnerability

The vulnerability can be exercised step by step as follows, assuming the actor controls the owner account:

  1. Ownership Access: The attacker needs to have control over an owner account of the smart contract.

  2. Invoke setParameters Maliciously: The attacker (as owner) calls setParameters with values where:

    • minimums.difficulty > maximums.difficulty

    • minimums.numGenerations > maximums.numGenerations

    • minimums.numValidations > maximums.numValidations

    For example:

    ```solidity
    contractInstance.setParameters(
        LLMOracleTaskParameters({difficulty: 5, numGenerations: 5, numValidations: 5}),
        LLMOracleTaskParameters({difficulty: 4, numGenerations: 4, numValidations: 4})
    );
    ```

  3. Consequences: After the parameters are set incorrectly, any logic within the contract that relies on these parameters to produce or validate tasks will fail to function as intended. This could potentially:

    • Prevent the generation of new tasks.

    • Cause existing or new validations to fail.

    • Disrupt any balance or payment calculations which are contingent on task parameter constraints.

Recommended Fix

To mitigate this vulnerability, add validation inside `setParameters` so that no field of `minimumParameters` exceeds the corresponding field of `maximumParameters`. Here is an example of how this could be coded:

```solidity
function setParameters(LLMOracleTaskParameters calldata minimums, LLMOracleTaskParameters calldata maximums)
    public
    onlyOwner
{
    require(minimums.difficulty <= maximums.difficulty, "Min difficulty cannot exceed max difficulty");
    require(minimums.numGenerations <= maximums.numGenerations, "Min generations cannot exceed max generations");
    require(minimums.numValidations <= maximums.numValidations, "Min validations cannot exceed max validations");
    minimumParameters = minimums;
    maximumParameters = maximums;
}
```

These checks keep the stored bounds coherent, so the task-management logic that depends on them cannot be put into an unusable state by a bad owner call.
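As an added example (not the project's code and not part of the original submission), the following self-contained contract combines the hardened `setParameters` from the recommended fix with a range-checking modifier on the task-creation side, so that the consequence described in step 3 is visible in code: every task must fall inside [minimum, maximum] on each field, which is why an inverted range would reject every task. The struct field types, the custom errors, the `onlyValidParameters` modifier and `createTask` are assumptions modelled on the finding's description, not the project's actual API. It also applies the same validation in the constructor, since the initial bounds can be inverted just as easily as updated ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Field types are assumed.
struct LLMOracleTaskParameters {
    uint8 difficulty;
    uint40 numGenerations;
    uint40 numValidations;
}

contract BoundedParameters {
    address public immutable owner;
    LLMOracleTaskParameters public minimumParameters;
    LLMOracleTaskParameters public maximumParameters;

    // Custom errors are cheaper than require strings and carry the offending values.
    error NotOwner();
    error InvalidBounds(string field, uint256 minimum, uint256 maximum);
    error ParameterOutOfRange(string field, uint256 value, uint256 minimum, uint256 maximum);

    event ParametersUpdated(LLMOracleTaskParameters minimums, LLMOracleTaskParameters maximums);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Consuming side (assumed): a task is accepted only if every field lies
    // inside the stored [minimum, maximum] range. With minimum > maximum no
    // value could pass, so keeping the bounds consistent is what makes this usable.
    modifier onlyValidParameters(LLMOracleTaskParameters calldata p) {
        _checkRange("difficulty", p.difficulty, minimumParameters.difficulty, maximumParameters.difficulty);
        _checkRange("numGenerations", p.numGenerations, minimumParameters.numGenerations, maximumParameters.numGenerations);
        _checkRange("numValidations", p.numValidations, minimumParameters.numValidations, maximumParameters.numValidations);
        _;
    }

    constructor(LLMOracleTaskParameters memory minimums, LLMOracleTaskParameters memory maximums) {
        owner = msg.sender;
        _setParameters(minimums, maximums); // initial bounds are validated too
    }

    function setParameters(LLMOracleTaskParameters calldata minimums, LLMOracleTaskParameters calldata maximums)
        external
        onlyOwner
    {
        _setParameters(minimums, maximums);
    }

    // Stand-in for task creation; only the bounds check matters here.
    function createTask(LLMOracleTaskParameters calldata p) external view onlyValidParameters(p) returns (bool) {
        return true;
    }

    // Single validation path shared by the constructor and setParameters.
    function _setParameters(LLMOracleTaskParameters memory minimums, LLMOracleTaskParameters memory maximums) internal {
        if (minimums.difficulty > maximums.difficulty) {
            revert InvalidBounds("difficulty", minimums.difficulty, maximums.difficulty);
        }
        if (minimums.numGenerations > maximums.numGenerations) {
            revert InvalidBounds("numGenerations", minimums.numGenerations, maximums.numGenerations);
        }
        if (minimums.numValidations > maximums.numValidations) {
            revert InvalidBounds("numValidations", minimums.numValidations, maximums.numValidations);
        }
        minimumParameters = minimums;
        maximumParameters = maximums;
        emit ParametersUpdated(minimums, maximums);
    }

    function _checkRange(string memory field, uint256 value, uint256 minimum, uint256 maximum) internal pure {
        if (value < minimum || value > maximum) revert ParameterOutOfRange(field, value, minimum, maximum);
    }
}
```

A Hardhat test for this would assert that the inverted call from step 2 (minimums of 5 against maximums of 4) reverts with `InvalidBounds`, and that `createTask` reverts with `ParameterOutOfRange` for any field outside the stored range; the emitted `ParametersUpdated` event gives monitoring a cheap signal whenever the bounds change.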

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
