Submission Details
Severity:
When calculating the difference, no size judgment is performed, which will cause rollback.
Summary
contracts/llm/LLMOracleCoordinator.sol
In the avg function, the calculation of the diff parameter may cause rollback due to the subtraction operation, which will affect the normal operation of the function and make the protocol unable to operate normally.
Vulnerability Details
Here are the affected functions
function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
mean = avg(data);
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
uint256 diff = data[i] - mean;
sum += diff * diff;
}
ans = sum / data.length;
}
For example:
data = [1, 3, 3, 3, 2];
mean = 2;
while i = 0
uint256 diff = data[i] - mean = 1 - 2 (ERROR!)
Impact
This problem affects the normal operation of the function and makes the protocol unable to operate normally.
Tools Used
Recommendations
It is recommended to calculate the relative value and determine the size first when subtracting
function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
mean = avg(data);
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
uint256 diff;
if (data[i] > mean) {
diff = data[i] - mean;
} else {
diff = mean - data[i];
}
sum += diff * diff;
}
ans = sum / data.length;
}
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
Underflow in computing variance
Prize pool breakdown
Total prize
21,000 USDC
nSLOC
1,03420 USDC / LOC
20,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.