Summary

Statistics.variance : Subtraction will underflow in almost every case, with the exception when all items in dataare the same.

Vulnerability Details

In this L22 , the variance is computing the sum ofdiff^2 between each data point and the mean. However, the diffis calculated from data[i] - mean which can underflow. This is due to the fact that the mean is the avg value, so it will be greater than the minimum data point. For example, if the data points are: [1,2,3], then the mean will be 2. Then 1-2 will revert due to 0.8.xx's default safe math.

Hence the L22 will cause a revert (in almost every case).

Impact

Functions that rely on variancewill not work in almost every case. This includes the core function validate in LLMOracleCoordinator.sol, which means that the LLM oracle will not be able to validate the request Id at all.

Tools Used

Manual Review

Recommendations

• Do a conditional if-else check to compute the absolute difference i.e. uint256 diff = data[i] > mean ? data[i] - mean : mean - data[i]

• Alternatively, you can try using int256, with slightly smaller value bounds