Summary
LLMOracleCoordinator`s validate will revert for valid reqeust due to underflow inside LLMOracleCoordinator contract
Vulnerability Details
underflow e.x. array [1,100,1]; mean = 34; stddev = 46.72; generationDeviationFactor = 1; 34 - 46*1 = -12 underflow
for (uint256 g_i = 0; g_i < task.parameters.numGenerations; g_i++) {
if (generationScores[g_i] >= mean - generationDeviationFactor * stddev) {
_increaseAllowance(responses[taskId][g_i].responder, task.generatorFee);
}
}
LLMOracleCoordinator.sol#L369
The same issue here
for (uint256 v_i = 0; v_i < task.parameters.numValidations; ++v_i) {
uint256 score = scores[v_i];
if ((score >= _mean - _stddev) && (score <= _mean + _stddev)) {
innerSum += score;
innerCount++;
_increaseAllowance(validations[taskId][v_i].validator, task.validatorFee);
}
}
LLMOracleCoordinator.sol#L343
Impact
validate function wil revert when it suppose to pass.
Tools Used
Recommendations
for (uint256 g_i = 0; g_i < task.parameters.numGenerations; g_i++) {
// ignore lower outliers
- if (generationScores[g_i] >= mean - generationDeviationFactor * stddev) {
+ if (generationScores[g_i] + generationDeviationFactor * stddev >= mean ) {
_increaseAllowance(responses[taskId][g_i].responder, task.generatorFee);
}
}