A malicious validator can pass in an incorrect score because the score is not sanitized.
The protocol allows anyone to become a validator via the LLMOracleRegistry::register function. Note that there is no whitelisting mechanism, and no way for the admins to remove oracles.
A malicious actor can register as a validator and legitimately compute the Proof-of-Work nonce, but pass an incorrect score to the LLMOracleCoordinator::validate function, as it lacks sufficient checks.
Such actors can keep listening for others calling the LLMOracleCoordinator::validate function and just pass a mean score. This lets them do no work other than calculating the nonce.
Malicious validators would pass incorrect scores, affecting the outcome.
Manual Review
Introduce whitelisting in LLMOracleRegistry.
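A minimal sketch of the recommended whitelisting, added here as an example and not taken from the project's LLMOracleRegistry. The contract name, the functions and the single-admin model are all hypothetical, and staking and oracle kinds are left out. It covers both gaps named above: registration is gated by an admin-managed allowlist, and revoking an entry removes an existing validator.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added sketch, not the project's LLMOracleRegistry. All names are hypothetical.
contract AllowlistedRegistrySketch {
    address public immutable admin;
    mapping(address => bool) public allowlisted; // written by the admin only
    mapping(address => bool) public isValidator; // written by register() and on revocation

    event AllowlistUpdated(address indexed account, bool allowed);
    event ValidatorRegistered(address indexed account);
    event ValidatorRemoved(address indexed account);

    error NotAdmin();
    error NotAllowlisted();
    error AlreadyRegistered();

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    /// Admin adds or revokes an address. Revoking also drops an active
    /// registration, which gives admins a way to remove an oracle.
    function setAllowlisted(address account, bool allowed) external onlyAdmin {
        allowlisted[account] = allowed;
        emit AllowlistUpdated(account, allowed);
        if (!allowed && isValidator[account]) {
            isValidator[account] = false;
            emit ValidatorRemoved(account);
        }
    }

    /// Registration is open only to addresses the admin has approved.
    function register() external {
        if (!allowlisted[msg.sender]) revert NotAllowlisted();
        if (isValidator[msg.sender]) revert AlreadyRegistered();
        isValidator[msg.sender] = true;
        emit ValidatorRegistered(msg.sender);
    }
}
```

For a removal to take effect, the coordinator would have to check isValidator at the time validate is called (an assumption about how the two contracts are wired). An allowlist restricts who can submit scores; it does not check the score value itself.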