Finalization of request validation will always fail due to underflow bug in function variance in Statistics.sol
Summary
After last validator oracle reports its scores for a given task, finalizeValidation function is called to compute the final score. Statistics lib is used to compute the mean and standard deviation of the scores. Bug lies in function variance. It will iterate through input elements (ie. scores) and for each one calculate its difference from the mean. But it wrongly assumes that every input element is bigger than the mean. By definition of mean, some elements will be smaller than mean and on a first such element TX will revert due to underflow.
Vulnerability Details
This is the variance function containing the bug:
Bug is in this specific line:
It will cause revert due to underflow on the first data[i] element which is lower than the mean. The only case where the revert does not happen is in the case all provided scores are identical, so diff from the mean is 0.
Impact
Task validation cannot be finalized, so buyer agent isn't able to purchase any assets and the round finishes. This happens every round and all sellers listing the assets are losing money since assets can't be bought.
Tools Used
Manual review
Recommendations
Change the implementation of variance to avoid underflow:
Lead Judging Commences
Underflow in computing variance
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.