LLMOracleCoordinator::finalizeValidation(uint256) reverts on scores where the mean is lower than its standard deviation
Summary
Function finalizeValidation(uint256) on LLMOracleCoordinator contract reverts on underflow when it is trying to subtract validation scores on a generation that have a score dataset where the mean is lower than the standard deviation.
Vulnerability Details
If the mean is lower in value than _stddev variable then this line will revert.
You may argue this is unlikely to happen but IT CAN and is fairly possible with scores where there are outliers.
Example scores: {1, 1, 1, 97}
Here the mean is 25 -> 1+1+1+97 = 100/4 = 25 - but if you calculate the standard deviation you will get a number around 42.
Same can happen on line 368 - but the probability of this happening is much lower:
https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleCoordinator.sol#L368C1-L368C86
Impact
Protocol is bricked for cases where values in scores have a mean lower than _stddev because an underflow occurs. Validation can not be finalized - hence the HIGH severity.
Tools Used
Manual review
Recommendations
I would handle this case specifically in the function code but its up to the sponsors to decide how to handle it best.
Lead Judging Commences
Underflow in `LLMOracleCoordinator::validate`
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.