Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: low
Invalid

Uses the same revert message in different logical checks in the `LLMOracleCoordinator::validate` function.

Relevant GitHub Links

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleCoordinator.sol#L275

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleCoordinator.sol#L282

Summary

Potential confusion due to error messages.

Vulnerability Details

In the `LLMOracleCoordinator::validate` function, two separate checks revert with the same error, `AlreadyResponded`: the check that the validator did not participate in generation, and the check that the validator has not already validated this task:

```solidity
function validate(uint256 taskId, uint256 nonce, uint256[] calldata scores, bytes calldata metadata)
    public
    onlyRegistered(LLMOracleKind.Validator)
    onlyAtStatus(taskId, TaskStatus.PendingValidation)
{
    /// ... The rest of code
    // ensure validator did not participate in generation
    for (uint256 i = 0; i < task.parameters.numGenerations; i++) {
        if (responses[taskId][i].responder == msg.sender) {
@>          revert AlreadyResponded(taskId, msg.sender);
        }
    }
    // ensure validator to be unique for this task
    for (uint256 i = 0; i < validations[taskId].length; i++) {
        if (validations[taskId][i].validator == msg.sender) {
@>          revert AlreadyResponded(taskId, msg.sender);
        }
    }
    /// ... The rest of code
}
```

Impact

This could be confusing: from the revert alone, it is not clear whether the caller was rejected for having participated in generation or for having already validated the task.

Tools Used

Manual review.

Recommendations

Use separate revert messages for different conditions.
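
The recommendation, sketched as an added example (not the project's code and not a patch from the Swan repository). The contract is a reduced model of the two checks; the error names `AlreadyGenerated` and `AlreadyValidated`, the `respond` helper, and the simplified storage layout are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: a reduced model, not the LLMOracleCoordinator source.
contract ValidateRevertSketch {
    // Hypothetical error names, one per failed condition.
    error AlreadyGenerated(uint256 taskId, address oracle);
    error AlreadyValidated(uint256 taskId, address oracle);

    struct Response { address responder; }
    struct Validation { address validator; }

    // Assumed storage shape, reduced from the excerpt above.
    mapping(uint256 => Response[]) public responses;
    mapping(uint256 => Validation[]) public validations;

    // Hypothetical stand-in for the generation step.
    function respond(uint256 taskId) external {
        responses[taskId].push(Response(msg.sender));
    }

    function validate(uint256 taskId) external {
        // Generators may not validate the task they answered.
        Response[] storage gens = responses[taskId];
        for (uint256 i = 0; i < gens.length; i++) {
            if (gens[i].responder == msg.sender) {
                revert AlreadyGenerated(taskId, msg.sender);
            }
        }
        // Each validator may validate a given task only once.
        Validation[] storage vals = validations[taskId];
        for (uint256 i = 0; i < vals.length; i++) {
            if (vals[i].validator == msg.sender) {
                revert AlreadyValidated(taskId, msg.sender);
            }
        }
        vals.push(Validation(msg.sender));
    }
}
```

With distinct errors, an off-chain caller or a test can tell from the error selector in the revert data which of the two checks rejected the call.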

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
