Dria

Swan

NFTHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

The LLMOracleCoordinator::withdrawPlatformFees() function may result in the last oracles that try to withdraw their rewards, receiving much less rewards than they should

dimulski

Summary

The withdrawPlatformFees() function withdraws the whole balance of the contract, not considering whether a task has been completed.

function withdrawPlatformFees() public onlyOwner {

feeToken.transfer(owner(), feeToken.balanceOf(address(this)));

}

When a buyer agent calls the request() function, he transfer the whole fee to the LLMOracleCoordinator.sol contract. However there is no pausing mechanism implemented. If there are many buyer agents, which request responses to their tasks which require multiple generators and validators and the oracles are supposedly running proof of work algorithms it may take some time for all of the oracles to provide response. In the finalizeValidation() function, which is called after the required amount of generators and validators has provided a response, the rewards for each generator and validator are increased if their provided a score that is close enough to the mean of all the provided scores. However the funds are not directly sent to them, but their allowance is increased via the _increaseAllowance() function. This issue doesn't describe a malicious owner withdrawing funds which they are not supposed to, it decribes an issue where there is no perfect time that the withdrawPlatformFees() function can be called in order to collect the protocol fees. It is true that the allowance is increased but it only takes for the withdrawPlatformFees() function to be called at a worng time once, and the whole accounting will become incorect. The last oracles that try to withdraw their rewards won't be able to do so, as there won't be enough tokens in the contract.

Vulnerability Details

Impact

The last generators and validators to withdraw their rewards, will most probably receive less funds than they should.

Tools Used

Manual review

Recommendations

Consider introducing a variable that is increased with the proper amount that the protocol should withdraw after a task has been completed. Keep track of the total fee the buyer agent sent to the `LLMOracleCoordinator.sol`` contract, then before a task is completed subtract the amounts that should be sent to the generators and validators. Allow the protocol to withdraw only this amount.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

`withdrawPlatformFees` withdraws the entire balance

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,034

20 USDC / LOC

High Medium

20,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.