Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Valid

LLMOracleCoordinator will revert due to underflow in function `finalizeValidation`

Summary

`LLMOracleCoordinator` will revert due to an underflow in the function `finalizeValidation`.

Vulnerability Details

In `finalizeValidation`, the function first calls `Statistics.stddev` to compute `_stddev` and `_mean`.

```solidity
(uint256 _stddev, uint256 _mean) = Statistics.stddev(scores);
```

`_stddev` is the standard deviation and `_mean` is the mean.

It then checks each validator score against the range around the mean, but the `uint256` subtraction `_mean - _stddev` reverts if `_mean < _stddev`.

It is relatively common for the standard deviation to be greater than the mean.

For example, for the scores [5, 5, 5, 5, 50], the mean is 14 and the standard deviation is 18.

```solidity
uint256 innerSum = 0;
uint256 innerCount = 0;
for (uint256 v_i = 0; v_i < task.parameters.numValidations; ++v_i) {
    uint256 score = scores[v_i];
    //@audit it will revert if _mean < _stddev
    if ((score >= _mean - _stddev) && (score <= _mean + _stddev)) {
        innerSum += score;
        innerCount++;
        // send validation fee to the validator
        _increaseAllowance(validations[taskId][v_i].validator, task.validatorFee);
    }
}
```

Impact

This causes a denial of service (DoS) in `finalizeValidation` and breaks the core functionality of the contract.

Tools Used

Manual review

Recommendations

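Change the `if` condition so that the subtraction is moved to the other side of the comparison as an addition:

```solidity
if ((_stddev + score >= _mean) && (score <= _mean + _stddev))
```
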
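
The underflow and the recommended rewrite side by side, as an added standalone example (not the Dria code or the submitter's). `meanAndStddev` and `sqrt` are stand-ins for `Statistics.stddev`, whose implementation is not shown on this page, and the contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: reproduces only the range check from finalizeValidation.
contract StddevBandDemo {
    // Assumption: population mean/stddev with integer division, standing in
    // for Statistics.stddev.
    function meanAndStddev(uint256[] memory scores)
        public pure returns (uint256 stddev, uint256 mean)
    {
        uint256 n = scores.length;
        require(n > 0, "no scores");
        uint256 sum = 0;
        for (uint256 i = 0; i < n; ++i) sum += scores[i];
        mean = sum / n;
        uint256 sqSum = 0;
        for (uint256 i = 0; i < n; ++i) {
            // absolute difference, so this helper itself cannot underflow
            uint256 d = scores[i] >= mean ? scores[i] - mean : mean - scores[i];
            sqSum += d * d;
        }
        stddev = sqrt(sqSum / n);
    }

    // Integer square root (Babylonian method), rounds down.
    function sqrt(uint256 x) internal pure returns (uint256 y) {
        if (x == 0) return 0;
        uint256 z = (x + 1) / 2;
        y = x;
        while (z < y) { y = z; z = (x / z + z) / 2; }
    }

    // Original condition: `mean - stddev` is checked uint256 arithmetic,
    // so the whole call reverts whenever mean < stddev.
    function countInBandOriginal(uint256[] memory scores) external pure returns (uint256 count) {
        (uint256 stddev, uint256 mean) = meanAndStddev(scores);
        for (uint256 i = 0; i < scores.length; ++i) {
            if ((scores[i] >= mean - stddev) && (scores[i] <= mean + stddev)) count++;
        }
    }

    // Recommended condition: same comparison with stddev added on the left,
    // so no subtraction is performed.
    function countInBandFixed(uint256[] memory scores) external pure returns (uint256 count) {
        (uint256 stddev, uint256 mean) = meanAndStddev(scores);
        for (uint256 i = 0; i < scores.length; ++i) {
            if ((scores[i] + stddev >= mean) && (scores[i] <= mean + stddev)) count++;
        }
    }
}
```

With the scores [5, 5, 5, 5, 50] from the example above (mean 14, standard deviation 18), `countInBandOriginal` reverts with an arithmetic panic (0x11), while `countInBandFixed` returns 4.
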
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Underflow in `LLMOracleCoordinator::validate`
