Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Valid

`Statistics::variance()` will always revert, leading to DoS of the task validation mechanism

Summary

`Statistics::variance()` will always revert because it assumes that `data[i] - mean` will always return a positive number.

Vulnerability Details

The function looks like this:

```solidity
function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
    mean = avg(data);
    uint256 sum = 0;
    for (uint256 i = 0; i < data.length; i++) {
        uint256 diff = data[i] - mean;
        sum += diff * diff;
    }
    ans = sum / data.length;
}
```

It is meant to get the average of all of the numbers in the provided array. The problem here is that at least 1 number from the `data` array will be less than the `mean` variable, so the `uint256` subtraction `data[i] - mean` underflows and the function reverts every time it is called.
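
The revert and an unsigned fix, as an added example that is not part of the original submission or the project's code. The contract name, the floor-division `avg`, and the constructed scores `[2, 4, 9]` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. `avg` is an assumed floor-division mean, not the project's implementation.
contract VarianceDemo {
    function avg(uint256[] memory data) internal pure returns (uint256 ans) {
        uint256 sum = 0;
        for (uint256 i = 0; i < data.length; i++) sum += data[i];
        ans = sum / data.length; // Panic(0x12) on an empty array
    }

    // Same loop body as the reported function.
    function varianceReported(uint256[] memory data) public pure returns (uint256 ans, uint256 mean) {
        mean = avg(data);
        uint256 sum = 0;
        for (uint256 i = 0; i < data.length; i++) {
            uint256 diff = data[i] - mean; // Panic(0x11) as soon as data[i] < mean
            sum += diff * diff;
        }
        ans = sum / data.length;
    }

    // Absolute difference computed in unsigned arithmetic; no signed types needed.
    function varianceFixed(uint256[] memory data) public pure returns (uint256 ans, uint256 mean) {
        mean = avg(data);
        uint256 sum = 0;
        for (uint256 i = 0; i < data.length; i++) {
            uint256 diff = data[i] >= mean ? data[i] - mean : mean - data[i];
            sum += diff * diff;
        }
        ans = sum / data.length;
    }

    // Runs both versions on constructed scores [2, 4, 9] (sum 15, floor mean 5).
    function demo() external view returns (bool reportedReverted, uint256 ans, uint256 mean) {
        uint256[] memory data = new uint256[](3);
        data[0] = 2;
        data[1] = 4;
        data[2] = 9;
        (ans, mean) = varianceFixed(data);
        // External self-call so the panic can be caught instead of aborting demo().
        try this.varianceReported(data) returns (uint256, uint256) {} catch {
            reportedReverted = true;
        }
    }
}
```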

Impact

It leads to DoS for `LLMOracleCoordinator::finalizeValidation()`, which leads to DoS for the task validation mechanism.

Tools Used

Manual review

Recommendations

Change the `diff` variable from `uint256` to `int256`, like this:

function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
mean = avg(data);
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
- uint256 diff = data[i] - mean;
+ int256 diff = data[i] - mean;
sum += diff * diff;
}
ans = sum / data.length;
}
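
Review bot: the `+` line `int256 diff = data[i] - mean;` still subtracts two `uint256` values, so the subtraction is evaluated in `uint256` and underflows exactly as before whenever `data[i] < mean`; changing only the declared type of `diff` does not remove the revert. Solidity also does not implicitly convert the `uint256` result to `int256`, and the unchanged line `sum += diff * diff;` would then add an `int256` product to the `uint256 sum`. Suggest either converting both operands to a signed type before subtracting and casting the square back to `uint256`, or keeping everything unsigned with `uint256 diff = data[i] >= mean ? data[i] - mean : mean - data[i];`.
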
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Underflow in computing variance
