Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Valid

variance will always revert.

Summary

variance will always revert because it calculates:

@>>uint256 diff = data[i] - mean;

Suppose the data array is [1,2,3,4,5,6], so the mean is 21/6, which is equal to 3. When we call the variance function, it assigns uint256 diff = data[i] - mean, so for the first element the diff will be 1 - 3, equal to -2, but it is a uint256, which causes a revert.

This also causes stddev to revert, since it calls the variance function.

Vulnerability Details

```solidity
function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
    mean = avg(data);
    uint256 sum = 0;
    for (uint256 i = 0; i < data.length; i++) {
@>>     uint256 diff = data[i] - mean;
        sum += diff * diff;
    }
    ans = sum / data.length;
}

/// @notice Compute the standard deviation of the data.
/// @dev Computes variance, and takes the square root.
/// @param data The data to compute the standard deviation for.
function stddev(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
    (uint256 _variance, uint256 _mean) = variance(data);
    mean = _mean;
    ans = sqrt(_variance);
}
```

Impact

This will cause a revert in both variance and stddev.

Tools Used

Recommendations

@>>int256 diff = data[i] - mean;
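
The reverting loop beside a form that stays inside uint256, as an added example that is not part of the original submission or the project's code. Solidity 0.8 checks the uint256 subtraction before the result reaches diff, so this sketch takes the absolute difference instead of only changing the declared type. The names StatsSketch, StatsSketchDemo, varianceReverting and varianceAbsDiff, and the stand-in avg, are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; StatsSketch and its function names are hypothetical.
library StatsSketch {
    /// Integer mean, rounding down (stand-in for the avg() the page calls).
    function avg(uint256[] memory data) internal pure returns (uint256 mean) {
        require(data.length > 0, "empty data");
        uint256 sum = 0;
        for (uint256 i = 0; i < data.length; i++) sum += data[i];
        mean = sum / data.length;
    }

    /// Same arithmetic as the page's variance: Panic(0x11) once data[i] < mean.
    function varianceReverting(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
        mean = avg(data);
        uint256 sum = 0;
        for (uint256 i = 0; i < data.length; i++) {
            uint256 diff = data[i] - mean; // checked uint256 subtraction
            sum += diff * diff;
        }
        ans = sum / data.length;
    }

    /// Squares |data[i] - mean|, which never needs a negative intermediate.
    function varianceAbsDiff(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
        mean = avg(data);
        uint256 sum = 0;
        for (uint256 i = 0; i < data.length; i++) {
            uint256 diff = data[i] >= mean ? data[i] - mean : mean - data[i];
            sum += diff * diff; // still checked: an overflow reverts, it does not wrap
        }
        ans = sum / data.length;
    }
}

contract StatsSketchDemo {
    /// Constructed input: the [1,2,3,4,5,6] array from the summary.
    function sample() internal pure returns (uint256[] memory d) {
        d = new uint256[](6);
        for (uint256 i = 0; i < 6; i++) d[i] = i + 1;
    }
    function reverting() external pure returns (uint256 ans, uint256 mean) {
        return StatsSketch.varianceReverting(sample()); // fails on the first element
    }
    function absDiff() external pure returns (uint256 ans, uint256 mean) {
        return StatsSketch.varianceAbsDiff(sample()); // completes without reverting
    }
}
```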

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Underflow in computing variance
