Dria

Swan
NFTHardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Rounding Issues in Score Calculations cause user to miss Reward Distribution

Summary

Integer division rounding down in the Statistics library can affect reward eligibility.

Vulnerability Details

  • Integer division rounding down may cause legitimate scores that should fall within the range to be incorrectly excluded, resulting in no rewards.

  • For example, if _mean is 50.5 and _stddev is 10.3, Solidity's integer division truncates _mean to 50 and _stddev to 10. This gives a range [ _mean - _stddev, _mean + _stddev ] of [40, 60] instead of the more accurate [40.2, 60.8].

  • Scores around 40.5 or 60.5 would lie within the true range [40.2, 60.8], but due to rounding, the range [40, 60] excludes these scores, causing the condition to evaluate as false when it should be true.

See: https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleCoordinator.sol#L338-L349

// and send rewards to validators that are within the range
uint256 innerSum = 0;
uint256 innerCount = 0;
for (uint256 v_i = 0; v_i < task.parameters.numValidations; ++v_i) {
    uint256 score = scores[v_i];
    if ((score >= _mean - _stddev) && (score <= _mean + _stddev)) {
        innerSum += score;
        innerCount++;
        // send validation fee to the validator
        _increaseAllowance(validations[taskId][v_i].validator, task.validatorFee);
    }
}

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/libraries/Statistics.sol#L8-L14

function avg(uint256[] memory data) internal pure returns (uint256 ans) {
    uint256 sum = 0;
    for (uint256 i = 0; i < data.length; i++) {
        sum += data[i];
    }
    ans = sum / data.length; // <- this can round down
}

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/libraries/Statistics.sol#L25

ans = sum / data.length; // <- this can also round down

Impact

Rounding down can cause an address to be ineligible for rewards while it should be

Tools Used

Recommendations

  • Use a higher precision representation, like fixed-point integers, by scaling values.

  • Alternatively, add a buffer to the range boundaries (e.g., expanding by ±1) when using integer approximations to reduce the likelihood of excluding legitimate scores due to rounding.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
