Some tasks will never be completed because of mathematical error causing underflow
Summary
In the finalizeValidationfunction, it is checked that (score >= _mean - _stddev. This can frequently underflow and cause the task to be never completed.
Vulnerability Details
In the finalizeValidationto ensure that the scores lie inside a certain window [mean-stddev,mean+stddev]the following comparisons are done
But since the stddevcan be greater than the meanthis comparison could revert due to underflow and cause the task to never complete.
For example:
Assume the scores are [1,1,1,12]:
1. The mean = (1+1+1+12)/4 = 15/4 = 3
2. The standard Deviation = sqrt(((1-3)^2 + (1-3)^2 + (1-3)^2 + (12-3)^2))/4) = sqrt((4+4+4+81)/4) = sqrt(93/4) = sqrt(23) = 4.
Thus the mean = 3, and the stddev = 4. This causes the comparison to underflow and the task to be DOS'ed.
Impact
Since this is a naturally occuring phenomenon (mean < stddev) and quite common if scores are very spread out, this can occur pretty frequently. And the impact is the task never being completed. Thus the severity should be high.
Tools Used
Manual Review
Recommendations
Ensure that mean >= stddev. If this is not the case, use 0 as the lower bounds for this comparison.
Lead Judging Commences
Underflow in `LLMOracleCoordinator::validate`
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.