Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

High Total Fee

Summary

The LLMOracleManager contract includes a function getFee that computes the totalFee payable by a requester to the protocol, as well as to validators and generators. However, a significant concern arises when the difficulty parameter is set to a high value, which can lead to excessively high fees. This could undermine user trust in the protocol due to the unpredictability and potential unaffordability of the costs associated with transactions.

Vulnerability Details

To illustrate the potential vulnerability, consider the following parameters:

  1. Parameters:

    • Difficulty Value: 50

    • Platform Fee: 1e9

    • Validator Fee: 1e9

    • Generator Fee: 1e9

  2. Fee Calculation:
    The total fee can be calculated as follows:
    $$
    \text{totalFee} = \text{platformFee} + \left(\text{numGenerations} \times \left(\text{generatorFee} + \left(\text{numValidations} \times \text{validatorFee}\right)\right)\right)
    $$
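    Substituting in the values, with numGenerations = 10, numValidations = 10, and the generator and validator fees each scaled by 2^50: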
    $$
    \text{totalFee} = 1 \times 10^9 + 10 \times \left(2^{50} \times 1 \times 10^9 + \left(10 \times 2^{50} \times 1 \times 10^9\right)\right)
    $$

  3. Total Fee Calculation:
    Simplifying the above expression, rounding 2^50 × 1e9 down to 1e24:
    $$
    \text{totalFee} = 1 \times 10^9 + 10 \times \left(1 \times 10^{24} + 10 \times 1 \times 10^{24}\right)
    $$
    $$
    = 1 \times 10^9 + 10 \times 11 \times 10^{24}
    $$
    $$
    = 1 \times 10^9 + 110 \times 10^{24}
    $$
    The computed totalFee is astronomically high, approximately:
    $$
    \text{totalFee} \approx 110 \times 10^{24} + 1 \times 10^{9} \approx 1.1 \times 10^{26}
    $$

Impact

The extremely high fee resulting from a high difficulty value could lead to:

  • User Distrust: Users may perceive the protocol as costly and unpredictable, deterring engagement.

Tools Used

Manual Review

Recommendations

Introduce a maximum allowable value for the totalFee. This will prevent situations where fees grow beyond a manageable level due to high difficulty.

For example, a cap could be set as follows:

```solidity
uint256 maxTotalFee = ...; // Define an appropriate upper limit for totalFee
totalFee = totalFee > maxTotalFee ? maxTotalFee : totalFee;
```

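
The fee formula and the proposed cap can be checked with exact integer arithmetic. The following is an added example, not code from the submission or from the LLMOracleManager contract: it models the formula above in Python, shows how much of the owed amount a clamped totalFee stops covering, and finds the highest difficulty that fits a requester's budget. The function names, the 1e18 cap and budget, and the 255 difficulty limit are assumptions; the 2**difficulty scaling follows the substitution in the report.

```python
# Added example: exact-integer model of the fee formula quoted in the report.
# Assumption: per-role fees scale by 2**difficulty, as in the report's substitution.
# PARAMS repeats the report's example values; all function names are hypothetical.

PARAMS = dict(platform_fee=10**9, generation_fee=10**9, validation_fee=10**9,
              num_generations=10, num_validations=10)


def fee_breakdown(difficulty, platform_fee, generation_fee, validation_fee,
                  num_generations, num_validations):
    """Return (total, generator_payouts, validator_payouts) in base units."""
    scale = 1 << difficulty
    generator_payouts = num_generations * scale * generation_fee
    validator_payouts = num_generations * num_validations * scale * validation_fee
    total = platform_fee + generator_payouts + validator_payouts
    return total, generator_payouts, validator_payouts


def shortfall_under_cap(difficulty, max_total_fee, **params):
    """Owed amount that a clamped totalFee no longer covers when the
    per-role fees are left unscaled (0 if the cap is not reached)."""
    total, _, _ = fee_breakdown(difficulty, **params)
    return total - min(total, max_total_fee)


def max_difficulty_within(budget, limit=255, **params):
    """Largest difficulty in [0, limit] whose total fee fits the budget, else None.
    limit=255 is an assumed upper bound, not a value taken from the contract."""
    best = None
    for difficulty in range(limit + 1):
        # The fee never decreases with difficulty, so stop at the first overshoot.
        if fee_breakdown(difficulty, **params)[0] > budget:
            break
        best = difficulty
    return best


if __name__ == "__main__":
    total, gen, val = fee_breakdown(50, **PARAMS)
    # The report rounds 2^50 * 1e9 to 1e24; the unrounded total is printed here.
    print(f"difficulty 50: total={total} (~{total:.3e})")
    print(f"  generators={gen}  validators={val}")
    cap = 10**18  # constructed cap, for illustration only
    print(f"shortfall if totalFee is clamped to {cap}: "
          f"{shortfall_under_cap(50, cap, **PARAMS)}")
    print(f"highest difficulty within a {cap} budget: "
          f"{max_difficulty_within(cap, **PARAMS)}")
```

A clamp on totalFee alone leaves the generator and validator fees unchanged, so whatever is cut from the total is a shortfall against what those fees add up to; bounding the difficulty parameter keeps the total and its components consistent.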
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
