Dria

Swan

NFTHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Missing Owner Initialization in`LLMOracleManager::__LLMOracleManager_init` Function

chaossr

Summary

The __LLMOracleManager_init function in the LLMOracleManager contract does not set the contract owner upon initialization. While the contract inherits from OwnableUpgradeable, the owner should be established during the initialization process to ensure that ownership and access control mechanisms are correctly enforced.

Vulnerability Details

The __LLMOracleManager_init function is intended to initialize the contract's state but lacks a call to set the owner

Since OwnableUpgradeable requires the owner to be set for proper access control, failing to do so could lead to unauthorized access or unintended behavior in functions that depend on owner permissions. This oversight can potentially allow a contract to remain without a valid owner, leading to a loss of control over sensitive contract functionalities.

Impact

Without a valid owner, functions restricted to the owner, such as setFees and setParameters, are inaccessible.

Tools Used

manual review

Recommendations

To rectify this issue, the __LLMOracleManager_init function should call the __Ownable_init function from the OwnableUpgradeable contract to establish the owner correctly

function __LLMOracleManager_init(address owner, uint256 _platformFee, uint256 _difficulty, uint256 _validationFee)

internal

onlyInitializing

{

__Ownable_init(msg.sender); // Set the owner during initialization

// or use this

__Ownable_init(owner); // Set the owner during initialization

minimumParameters = LLMOracleTaskParameters({difficulty: 1, numGenerations: 1, numValidations: 0});

maximumParameters = LLMOracleTaskParameters({difficulty: 10, numGenerations: 10, numValidations: 10});

validationDeviationFactor = 2;

generationDeviationFactor = 1;

setFees(_platformFee, _difficulty, _validationFee);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,034

20 USDC / LOC

High Medium

20,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.