Submission Details
Severity:
LLMOracleCoordinator`s validate will revert for valid reqeust due to underflow inside LLMOracleCoordinator contract
Summary
LLMOracleCoordinator`s validate will revert for valid reqeust due to underflow inside LLMOracleCoordinator contract
Vulnerability Details
underflow e.x. array [1,100,1]; mean = 34; stddev = 46.72; generationDeviationFactor = 1; 34 - 46*1 = -12 underflow
for (uint256 g_i = 0; g_i < task.parameters.numGenerations; g_i++) {
// ignore lower outliers
if (generationScores[g_i] >= mean - generationDeviationFactor * stddev) {
_increaseAllowance(responses[taskId][g_i].responder, task.generatorFee);
}
}
The same issue here
for (uint256 v_i = 0; v_i < task.parameters.numValidations; ++v_i) {
uint256 score = scores[v_i];
if ((score >= _mean - _stddev) && (score <= _mean + _stddev)) { // @audit underflow
innerSum += score;
innerCount++;
// send validation fee to the validator
_increaseAllowance(validations[taskId][v_i].validator, task.validatorFee);
}
}
Impact
validate function wil revert when it suppose to pass.
Tools Used
Recommendations
for (uint256 g_i = 0; g_i < task.parameters.numGenerations; g_i++) {
// ignore lower outliers
- if (generationScores[g_i] >= mean - generationDeviationFactor * stddev) {
+ if (generationScores[g_i] + generationDeviationFactor * stddev >= mean ) {
_increaseAllowance(responses[taskId][g_i].responder, task.generatorFee);
}
}
Updates
Lead Judging Commences
inallhonesty 8 months ago
Submission Judgement Published Assigned finding tags:
Underflow in `LLMOracleCoordinator::validate`
Prize pool breakdown
Total prize
21,000 USDC
nSLOC
1,03420 USDC / LOC
20,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.