Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Invalid

Insufficient Entropy in Proof-of-Work Nonce Validation

Summary

The assertValidNonce function in LLMOracleCoordinator uses an insufficient source of entropy for its proof-of-work validation.

The nonce validation only includes taskId, input, requester, and responder without any timestamp or block-specific data, making it vulnerable to precomputation attacks.

Vulnerability Details

The current implementation of nonce validation:

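    function assertValidNonce(uint256 taskId, TaskRequest storage task, uint256 nonce) internal view {
        // The message binds the nonce to the task, its input, the requester and the caller.
        bytes memory message = abi.encodePacked(taskId, task.input, task.requester, msg.sender, nonce);
        // Revert unless the digest is at or below type(uint256).max >> difficulty,
        // i.e. unless its top `difficulty` bits are all zero.
        if (uint256(keccak256(message)) > type(uint256).max >> uint256(task.parameters.difficulty)) {
            revert InvalidNonce(taskId, nonce);
        }
    }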

Issues with this implementation:

Static Input Parameters:

- All inputs except nonce are known in advance
- No time-based or block-based variables included
- Allows offline precomputation of valid nonces

Impact

HIGH severity because:

- Allows precomputation of valid nonces
- Eliminates the intended proof-of-work protection
- Makes spam attacks more feasible

Tools Used

Manual Review

Recommendations

Add block-specific data like block.number and block.timestamp to the nonce validation
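
Added example, not code from the submission or from the Swan code base: a Python model of the assertValidNonce check quoted above, showing how the difficulty shift sets the threshold and which values a found nonce is bound to. It assumes task.input is dynamic bytes and both parties are 20-byte addresses, substitutes hashlib.sha3_256 for keccak256 (which the standard library lacks), and uses constructed sample values; all function names are hypothetical.

```python
import hashlib

MAX_UINT256 = (1 << 256) - 1

def threshold(difficulty: int) -> int:
    """type(uint256).max >> difficulty: the largest digest value that passes."""
    return MAX_UINT256 >> difficulty

def pow_message(task_id, task_input, requester, responder, nonce) -> bytes:
    """Model of abi.encodePacked(taskId, input, requester, msg.sender, nonce)."""
    if len(requester) != 20 or len(responder) != 20:
        raise ValueError("addresses are 20 bytes")
    # uint256 -> 32 bytes big-endian, bytes -> raw, address -> 20 bytes
    return (task_id.to_bytes(32, "big") + task_input + requester
            + responder + nonce.to_bytes(32, "big"))

def is_valid_nonce(task_id, task_input, requester, responder, nonce, difficulty):
    """Mirror of the revert condition: valid when digest <= threshold."""
    msg = pow_message(task_id, task_input, requester, responder, nonce)
    # Assumption: sha3_256 stands in for keccak256 (the padding differs, so
    # digests do not match on-chain values; the structure of the check does).
    digest = int.from_bytes(hashlib.sha3_256(msg).digest(), "big")
    return digest <= threshold(difficulty)

def find_nonce(task_id, task_input, requester, responder, difficulty):
    """Linear search for the first nonce that passes the check."""
    nonce = 0
    while not is_valid_nonce(task_id, task_input, requester, responder,
                             nonce, difficulty):
        nonce += 1
    return nonce

# Constructed sample values, not taken from any deployment.
REQUESTER = bytes.fromhex("11" * 20)
RESPONDER_A = bytes.fromhex("aa" * 20)
RESPONDER_B = bytes.fromhex("bb" * 20)
TASK_INPUT = b"constructed task input"
DIFFICULTY = 16  # digest needs 16 leading zero bits

def binding_report():
    """Check one found nonce against a different task id and responder."""
    n = find_nonce(1, TASK_INPUT, REQUESTER, RESPONDER_A, DIFFICULTY)
    args = (TASK_INPUT, REQUESTER)
    return {
        "original": is_valid_nonce(1, *args, RESPONDER_A, n, DIFFICULTY),
        "other_task": is_valid_nonce(2, *args, RESPONDER_A, n, DIFFICULTY),
        "other_responder": is_valid_nonce(1, *args, RESPONDER_B, n, DIFFICULTY),
    }

if __name__ == "__main__":
    print(binding_report())
```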

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
