Submission Details
Severity:
getBestResponse function updates the response unintentionally
Summary
When getBestResponseis called, it updates the responses[taskId]array for no reason, corrupting the array in the process.
Vulnerability Details
The resultvariable is taken as storage instead of memory, which causes the taskResponses[0] to be updated each time in the loop. This causes data corruption in the responses[taskId]array.
function getBestResponse(uint256 taskId) external view returns (TaskResponse memory) {
TaskResponse[] storage taskResponses = responses[taskId];
// ensure that task is completed
if (requests[taskId].status != LLMOracleTask.TaskStatus.Completed) {
revert InvalidTaskStatus(taskId, requests[taskId].status, LLMOracleTask.TaskStatus.Completed);
}
// pick the result with the highest validation score
TaskResponse storage result = taskResponses[0];
uint256 highestScore = result.score;
for (uint256 i = 1; i < taskResponses.length; i++) {
if (taskResponses[i].score > highestScore) {
highestScore = taskResponses[i].score;
result = taskResponses[i];
}
}
return result;
}
Impact
No impact as such, but could cause frontend issues when collecting data.
Tools Used
Manual Review
Recommendations
Use memory instead of storage.
Prize pool breakdown
Total prize
21,000 USDC
nSLOC
1,03420 USDC / LOC
20,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.