Preventing underflow in validation score threshold calculation by ensuring safe subtraction
Summary
The finalizeValidation function in the LLMOracleCoordinator contract calculates a threshold for awarding generator fees based on a comparison of mean - generationDeviationFactor * stddev. If mean is smaller than generationDeviationFactor * stddev, this subtraction will cause an underflow, leading to an unintended revert. Implementing a conditional check to ensure safe subtraction prevents this issue.
Vulnerability Details
In the line if (generationScores[g_i] >= mean - generationDeviationFactor * stddev), if mean is less than generationDeviationFactor * stddev, the subtraction operation will cause an underflow, resulting in an automatic transaction revert. Since uint256 cannot represent negative values, performing unchecked subtraction between these variables could lead to reverts even when this was not the intended condition.
Impact
Unexpected Transaction Reverts: This underflow can lead to transaction reverts, disrupting the reward distribution process in
finalizeValidationand preventing completion of the validation phase.Interruptions in Contract Logic: The unintended reverts disrupt the contract’s logic and prevent the smooth processing of LLM generation and validation tasks.
Tools Used
Recommendations
To prevent the underflow, modify the finalizeValidation function to check if mean is greater than or equal to generationDeviationFactor * stddev before performing the subtraction. Here’s the recommended code:
This fix ensures that the threshold calculation avoids underflow, making the finalizeValidation function resilient to all valid inputs.
Lead Judging Commences
Underflow in `LLMOracleCoordinator::validate`
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.