Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Valid

Task request may be bricked due to possible underflow revert in the variance function

Summary

The variance function in Statistics.sol may revert due to underflow, which can prevent a task request from being finalized and LLM oracle validators from receiving their rewards.

Vulnerability Details

The variance function in Statistics.sol subtracts the mean of the data from each data value. It is likely that some value will be smaller than the mean. When that happens, the subtraction underflows and the function reverts.

Impact

The variance function is used by the stddev function, which is used in the finalizeValidation function to finalize validation of a task request. If the variance function reverts, the task request cannot be finalized. This, in turn, causes LLM oracle validators to not receive rewards for the validation they have done. Furthermore, the task requester cannot tell which response to the task request is the best. Ultimately, this prevents the purchase of an asset by a buyer agent that relies on that task.

POC

Below is a snippet of the variance function:

function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
    mean = avg(data);
    uint256 sum = 0;
    for (uint256 i = 0; i < data.length; i++) {
        // Underflows and reverts whenever data[i] < mean
        uint256 diff = data[i] - mean;
        sum += diff * diff;
    }
    ans = sum / data.length;
}

Consider this scenario:

data = [1, 5, 8, 12]

mean = (1 + 5 + 8 + 12) / 4 = 6.5 -> 6 (due to rounding down in Solidity)

As seen above, two of the values (1 and 5) are smaller than the mean. When this array is passed to the variance function, it tries to subtract the mean from each of these values and reverts due to underflow.

Tools Used

Manual review

Recommendations

Handle the case where a data value is smaller than the mean:

function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
    mean = avg(data);
    uint256 sum = 0;
    for (uint256 i = 0; i < data.length; i++) {
        uint256 diff = data[i] > mean ? data[i] - mean : mean - data[i];
        sum += diff * diff;
    }
    ans = sum / data.length;
}
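The scenario from the POC as a self-contained harness, showing both the revert and what the recommended version returns for the same input. This is an added example, not code from the report or the project: the contract name, demo(), the compiler pragma and the body of avg (modelled as a rounded-down integer mean, as the report describes) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20; // assumption: a 0.8.x compiler with checked arithmetic

/// Added illustration harness; contract and function names are hypothetical.
contract VarianceUnderflowDemo {
    /// Assumed shape of avg(): integer mean, rounded down.
    function avg(uint256[] memory data) public pure returns (uint256) {
        uint256 sum = 0;
        for (uint256 i = 0; i < data.length; i++) sum += data[i];
        return sum / data.length;
    }

    /// Loop body as in the reported snippet.
    function varianceOriginal(uint256[] memory data) external pure returns (uint256 ans, uint256 mean) {
        mean = avg(data);
        uint256 sum = 0;
        for (uint256 i = 0; i < data.length; i++) {
            uint256 diff = data[i] - mean; // Panic(0x11) when data[i] < mean
            sum += diff * diff;
        }
        ans = sum / data.length;
    }

    /// Loop body as in the recommended fix: absolute difference, no underflow.
    function varianceFixed(uint256[] memory data) external pure returns (uint256 ans, uint256 mean) {
        mean = avg(data);
        uint256 sum = 0;
        for (uint256 i = 0; i < data.length; i++) {
            uint256 diff = data[i] > mean ? data[i] - mean : mean - data[i];
            sum += diff * diff;
        }
        ans = sum / data.length;
    }

    /// Runs the report's scenario. Returns true when the original panics with
    /// code 0x11 (arithmetic under/overflow) and the fix yields variance 16, mean 6.
    function demo() external view returns (bool) {
        uint256[] memory data = new uint256[](4);
        data[0] = 1; data[1] = 5;
        data[2] = 8; data[3] = 12;

        bool panicked;
        try this.varianceOriginal(data) returns (uint256, uint256) { panicked = false; }
        catch Panic(uint256 code) { panicked = (code == 0x11); }

        (uint256 ans, uint256 mean) = this.varianceFixed(data);
        return panicked && ans == 16 && mean == 6; // squared diffs sum to 66; 66 / 4 rounds down to 16
    }
}
```

The original loop only completes when every value is at least the rounded-down mean, for example when all scores are identical.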
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Underflow in computing variance
