Dria

Swan
NFTHardhat
21,000 USDC
View results
Submission Details
Severity: medium
Invalid

`difficulty` is exponentially increasing

Summary

difficulty is exponentially increasing. One increase in difficulty would increase the fees by 2x, and 1 decrease would decrease the fees to 50%. This brings a lot of volatility to the market.

Vulnerability Details

getFee is used to get the total fee that must be paid to the system, generators and validators. However the function performs interesting multiplications with the difficulty, making it exponentially increasing. This will cause a small change in difficulty, like from 4 to 5 to increase the fee by 2x, or from 4 to 7 to increase the fee by 8x. Not making the fee linear would cause huge market impacts, even on small changes to the difficulty.

function getFee(LLMOracleTaskParameters calldata parameters)
public
view
returns (uint256 totalFee, uint256 generatorFee, uint256 validatorFee)
{
// 2^difficulty
// if difficulty is 4 diff is 16, if 5 it's 32 -> 2x increase
uint256 diff = (2 << uint256(parameters.difficulty));
generatorFee = diff * generationFee;
validatorFee = diff * validationFee;
/*
platformFee
+ numGenerations * generatorFee
+ numGenerations * numValidations * validatorFee
*/
totalFee =
platformFee
+ (parameters.numGenerations * (generatorFee + (parameters.numValidations * validatorFee)));
}

Example:

  1. Current totalFee is 0.5 ETH at difficulty 9

  2. Difficulty is changed to 10, which would increase the fee to 1 ETH

  3. The difficulty is too big and it's lowered to 8, the new totalFee is 0.25 ETH

Impact

Adding just 1 increase in difficulty would 2x the fee

Tools Used

Manual review

Recommendations

Change the fee calculation to use fix values, or at least lower the exponential increase.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.