Dria

Summary

LLM oracle validator can prevent task request from being finalized by input of an arbitrary large number to a score which can prevent task request from being finalized.

Vulnerability Details

The LLM oracle validator is free to input any number to the validation score in the validatefunction in LLMOracleCoordinator.sol.

When sufficient number of validations requested by the task requester have been reached it will proceed to finalize the validation In the finalizeValidationfunction. Here, there is a use of the stddevfunction. This function uses the varianceand avgfunction internally.

Below is a snippet of the avgfunction:

As seen above, there is the uint256 sumvariable. Each of this data comes from the score inputted by the LLM oracle validator. As there is no restriction on how big or small of a number the score is, a malicious LLM oracle validator can input large number for a score such as type(uint256).max to deliberatey cause overflow in the sum variable, reverting the avg function.

Note that, the finalizeValidationis a private function only called in the validatefunction when the number of validations requested is equal to the current number of validations done on the task request. As this function cannot be called by the same validator and there is no way to edit the score or redo the validations, the task request is effectively bricked.

Impact

Malicious LLM oracle validator can brick task request from being finalized which in turn prevent task requester from getting the best response from all the LLM oracle generator in a task request. Ultimately, this prevents purchase of an asset by a buyer agent that relies on that task.

Tools Used

Manual review

Recommendations

Validate the score inputted by the LLM oracle validator in the validatefunction to a certain range, such as (0 to 1) or (0 to 100).