Dria

Summary

LLMOracleCoordinator::assertValidNonce is supposed to make it more difficult to calculate the nonce when the corresponding TaskRequest::params::difficulty is set to a large number. However, due to the logical flaw in the code, the inverse happens. In other words, it's easier for a task with higher difficulty to come up with a nonce that passes the assertion.

Description

Proof of work mechanism is designed to protect the protocol from being spammed with responses and validations from bad actors.

In this codebase the puzzle to solve for nonce is such that

HASH(fn(nonce, task)) > UINT_MAX / (2 ^ DIFFICULTY)

Firstly we can observe that in the above inequality the following holds true for right hand side

0 < RHS <UINT_MAX

In the formula, we can see that when difficulty increases, the value of the right hand side decreases, which means there are more number of values that the left hand side can take up to satisfy the inequality. This means higher the difficulty, easier it is to find the nonce.

Impact

May potentially increase the number of spam responses and validations

Tools Used

Manual Analysis

Recommended Mitigations

One way I can think of is to reverse the logic. So make it < instead of >.