Submission Details
Severity:
Statistics.sol::variance() calculation error
Summary
Statistics.sol::variance() may revert because the value of data[i] is less than the value of mean.
Vulnerability Details
When calculating the variance of the parameter data, the value of data[i] will fluctuate around the value of mean. If the value of data[i] is less than mean, it will be reverted.
Impact
The LLMOracleCoordinator.sol::finalizeValidation() function may not run, resulting in a DOS error.
Tools Used
Manual review.
Recommendations
It is necessary to compare the value of data[i] with the value of mean and perform different processing according to different situations.
function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
mean = avg(data);
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
// @audit => This is not safe, data[i] - mean can be negative.
+ if(data[i] < mean) {
+ uint256 diff = mean - data[i];
+ } else {
+ uint256 diff = data[i] - mean;
+ }
- //uint256 diff = data[i] - mean;
sum += diff * diff;
}
ans = sum / data.length;
}
Updates
Lead Judging Commences
inallhonesty 10 months ago
Submission Judgement Published Assigned finding tags:
Underflow in computing variance
Prize pool breakdown
Total prize
21,000 USDC
nSLOC
1,03420 USDC / LOC
20,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.