Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Invalid

Inefficiency and cost implications in LLMOracleCoordinator due to redundant generation responses

Summary

The LLMOracleCoordinator contract contains a vulnerability where, if numValidations is set to 0 and numGenerations is greater than 1, the contract allows multiple generation responses even though only the first response is utilized. This design flaw results in inefficient resource usage, increased user costs, and potential confusion. An update is necessary to restrict multiple generation responses when validation is not required.

Vulnerability Details

  • Context: The contract permits multiple generation responses (numGenerations > 1) even when no validations (numValidations = 0) are set. Only the first response is considered in such cases, making any additional responses superfluous.

  • Issue: Users are subjected to higher fees for redundant responses, and the smart contract unnecessarily consumes gas and storage resources.

Impact

  • Increased Costs: Users pay unnecessary fees for multiple responses, even though only one is needed when numValidations = 0.

  • Resource Inefficiency: Redundant generation responses waste gas and storage, reducing the efficiency of the contract.

  • User Confusion: Users may expect multiple responses to be evaluated, which isn't the case, potentially leading to misunderstandings.

Tools Used

Tests

Recommendations

Modify the request function in LLMOracleCoordinator to add a check that ensures numGenerations is limited to 1 when numValidations is 0.

Example Code Update:

    function request(
        bytes32 protocol,
        bytes memory input,
        bytes memory models,
        LLMOracleTaskParameters calldata parameters
    ) public onlyValidParameters(parameters) returns (uint256) {
        if (parameters.numValidations == 0 && parameters.numGenerations > 1) {
            revert("numGenerations must be 1 when numValidations is 0");
        }
        // Remaining logic
    }

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
