Generators and validators lose their rewards in LLMOracleCoordinator.sol
Summary
Users can register as generators or validators for earning rewards for their works. These rewards, along with the platform fee, are accumulated on the LLMOracleCoordinator contract, allowing users to decide when to withdraw their rewards. However, the issue lies in the fact that the platform fee is stored within the contract, and the owner of LLMOracleCoordinator can only withdraw the entire fee token balance at once, which includes all accumulated rewards of generators and validators.
Vulnerability Details
The fee token is transferred to the LLMOracleCoordinator contract whenever a user requests LLM generation:\
When a generator responds to an LLM generation or a validator validates responses, their fee token allowance increases:
Generator, validator, and platform rewards are held within the contract, creating a situation where, if the owner wishes to withdraw the platform fee, they will end up withdrawing the entire balance of fee tokens:
Impact
The rewards for generators and validators will be withdrawn by the owner of the LLMOracleCoordinator contract, resulting in their loss.
Tools Used
Manual review
Recommendations
Consider keeping track of platform rewards and withdrawing only those amounts.
Lead Judging Commences
`withdrawPlatformFees` withdraws the entire balance
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.