The vulnerability identified arises from the inadequate design of the assertValidNonce
function, used by both responders and validators. The function fails to incorporate critical information (such as specific responses or scores) when verifying proof-of-work, enabling malicious actors to pre-mine valid nonce values. This flaw poses a significant risk, allowing attackers to validate multiple requests in a single transaction, jeopardizing the integrity of the validation process, and unfairly claiming validation fees.
Location: The issue is found in the assertValidNonce
function, which validates nonce submissions for both tasks and validations.
Description: The current implementation of assertValidNonce
uses the task ID, input, requester, message sender, and nonce to compute and verify a hash. It omits unique task data like responses or scores in its calculations, making it vulnerable to pre-mining.
Attack Window: Because the nonce computation lacks specificity to each validation or response, an attacker has the opportunity to pre-compute valid nonce values before responses are submitted. The time between task request creation and the final response provides the attacker with ample opportunity to generate these nonces.
Exploitation: A malicious actor can:
Pre-mine nonce values across multiple potential sender addresses during the open-window phase of a task.
Use a single transaction to rapidly register, validate using pre-mined nonces, and withdraw deposits, cycling this process to monopolize validation fees.
POC
This POC demonstrates how a malicious actor can exploit the nonce pre-mining vulnerability in the LLMOracleCoordinator
contract to usurp validation fees. By pre-computing valid nonces prior to task responses, an attacker can systematically validate tasks using multiple addresses in a single transaction, thereby claiming unfair validation rewards.
Initial Setup:
A task is created and entered into the PendingGeneration
status.
Pre-mining Valid Nonces:
The attacker calculates potential nonce values for the task using known inputs (taskId
, task.input
, task.requester
) and varying addresses (msg.sender
):
The process involves iterating over a list of controlled or test addresses, finding at least one valid nonce for each.
Simultaneous Registration and Validation:
Upon identification of valid nonces, the attacker bundles the following operations into a single transaction:
Register each address as a validator.
Use the pre-computed valid nonces to validate the task.
Withdraw any deposits to minimize locking funds.
Rapid Execution:
Using this loop structure executed within a single transaction, the attacker efficiently captures validation fees across multiple addresses without leaving room for genuine validators to participate.
The primary impact is financial. An attacker can illegitimately claim the majority or entirety of validation fees, depriving honest validators of their rightful earnings.
Foundry
Enhance the nonce validation by including more data specific to the task in the proof-of-work calculation (e.g., incorporating responses or scores). This ensures each nonce is tightly coupled to its corresponding task validation.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.