The LLMOracleCoordinator contract contains a vulnerability where, if numValidations is set to 0 and numGenerations is greater than 1, the contract allows multiple generation responses even though only the first response is utilized. This design flaw results in inefficient resource usage, increased user costs, and potential confusion. An update is necessary to restrict multiple generation responses when validation is not required.
Context: The contract permits multiple generation responses (numGenerations > 1) even when no validations (numValidations = 0) are set. Only the first response is considered in such cases, making any additional responses superfluous.
Issue: Users are subjected to higher fees for redundant responses, and the smart contract unnecessarily consumes gas and storage resources.
Increased Costs: Users pay unnecessary fees for multiple responses, even though only one is needed when numValidations = 0.
Resource Inefficiency: Redundant generation responses waste gas and storage, reducing the efficiency of the contract.
User Confusion: Users may expect multiple responses to be evaluated, which isn't the case, potentially leading to misunderstandings.
Tests
Modify the request function in LLMOracleCoordinator to add a check that ensures numGenerations is limited to 1 when numValidations is 0.
Example Code Update:
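A minimal sketch of such a check, added here as an illustration and not taken from the LLMOracleCoordinator source. The contract, struct, error, modifier and event names and the simplified `request` signature are assumptions; only `numGenerations` and `numValidations` come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only: all names except numGenerations/numValidations
/// are hypothetical and do not reproduce the audited contract.
contract CoordinatorSketch {
    struct TaskParameters {
        uint40 numGenerations;
        uint40 numValidations;
    }

    /// A task must ask for at least one generation.
    error NoGenerations();
    /// Extra generations were requested although nothing will validate them.
    error RedundantGenerations(uint40 numGenerations);

    event Requested(uint256 indexed taskId, bytes32 inputHash, uint40 numGenerations, uint40 numValidations);

    uint256 public nextTaskId = 1;
    mapping(uint256 => TaskParameters) public tasks;

    /// Rejects parameter combinations whose extra responses would never be read.
    modifier onlyUsefulGenerations(TaskParameters calldata p) {
        if (p.numGenerations == 0) revert NoGenerations();
        // Without validation only the first response is used, so every
        // additional generation would be paid for and stored but ignored.
        if (p.numValidations == 0 && p.numGenerations > 1) {
            revert RedundantGenerations(p.numGenerations);
        }
        _;
    }

    /// Simplified request entry point: the check runs before any state is
    /// written, so a rejected request leaves no task behind.
    function request(bytes calldata input, TaskParameters calldata p)
        external
        onlyUsefulGenerations(p)
        returns (uint256 taskId)
    {
        taskId = nextTaskId++;
        tasks[taskId] = p;
        emit Requested(taskId, keccak256(input), p.numGenerations, p.numValidations);
    }
}
```

Rejecting the combination at request time, before fees are taken or storage is written, keeps the caller from paying for responses that are never used.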