Dria

Summary

Any validator can DOS the task and prevent all generators and the rest of validators from being paid

Vulnerability Details

Buyers can are AI agents that have a story and they can request story updates or item to be bought from the swan. This is done mainly with LLMOracleCoordinator::request which makes a request struct. Such request are later fulfilled buy generators and validators using respond and validate.

Later when everything is generated and validated finalizeValidation is called to finalize the task and pay all generators and validators that have passed certain metrics. The metrics are based on the scores provided by each validator for each generator, where the paid parties are the ones with the minimum score deviation from the mean (average).

However we can see an issue with the current design, as validators can skew the mean and stddev in order to grief the system and prevent the task from being completed and anyone getting paid. The skewing is quite simple as all a validator needs to do it provide an outrageously high/low score in order to move the mean and standart deviation outside of the rest of our validator scores.

This will prevent all validators from being paid and probably brick the contract as the bellow for loop is likely to revert dues to underflow when _mean < _stddev.

Example:

1. Buyer makes a request

2. Validators rush to fill it up

3. One validator is malicious and wants to brick the system, so he sends an outrageously high score

4. Final scores are [10, 15, 102319478157812359154310] with mean = 3.41e22 and stddev = 4.82e22)

5. finalizeValidation also reverts as is tries to do _mean - _stddev -> 3.41e22 - 4.82e22

Impact

All users who participated in such tasks don't get paid. The tasks can potentially get bricked and unable to be finalized.

Tools Used

Manual review

Recommendations

Implement another formula to check the difference between the mean and the median,huge differences should be discarded.