Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

StakeAmounts values on LLMOracleRegistry can be zero, if this value is used it leads to Inconsistencies on emited events on LLMOracleRegistry::register and responses from LLMOracleRegistry::isRegistered

0xw3

Summary

LLMOracleRegistry allows generatorStakeAmount and validatorStakeAmount values to be zero.
If this value is used it leads to Inconsistencies on emited events when calling LLMOracleRegistry::register and responses from LLMOracleRegistry::isRegistered

Vulnerability Details

This occours because register will emit event of registration when amount is zero:

function register(LLMOracleKind kind) public {
uint256 amount = getStakeAmount(kind); // will return 0
// ... snippet check oracle is not registered and token allowance
token.transferFrom(msg.sender, address(this), amount);
// register the user
registrations[msg.sender][kind] = amount;
=> emit Registered(msg.sender, kind);
}

So, for offchain listeners it will emit a registration of an oracle
But when calling LLMOracleRegistry::isRegistered will return False:

function isRegistered(address user, LLMOracleKind kind) public view returns (bool) {
return registrations[user][kind] != 0;
}

The following proof of concept sets StakeAmounts to zero
Calls register to show event is fired but isRegistered returns false

Add this test case in test/LLMOracleRegistry.test.ts

it("AAA inconsistencies when stakeAmount is zero on register and isRegistered", async function () {
await oracleRegistry.connect(dria).setStakeAmounts(0,0);
console.log("generatorStakeAmount ",await oracleRegistry.generatorStakeAmount());
await expect(oracleRegistry.connect(oracle).register(OracleKind.Generator))
.to.emit(oracleRegistry, "Registered")
.withArgs(oracle.address, OracleKind.Generator);
console.log(await oracleRegistry.isRegistered(oracle.address, OracleKind.Generator));
});

Impact

Inconsistencies between register fired events and isRegistered, probability is low

Tools Used

Manual Review

Recommendations

Require amount !=0 in LLMOracleRegistry::register, LLMOracleRegistry::setStakeAmounts and in LLMOracleRegistry::initialize for generatorStakeAmount, validatorStakeAmount vars

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.