Underflow in std deviation calculation
Summary
The variance function in the Statistics.sol contract is susceptible to underflow. This will break the LLMOracleCoordinator contract, breaking the validation process.
Vulnerability Details
The variance function in the Statistics.sol contract is used to calculate the variance of a dataset. It calculates the mean, and then the difference from the mean.
The issue is that the diff is calculated as data[i] - sum, all of which are uint256 values. Thus this can lead to a situation where the data is lower than the mean, in which case this will be negative and will thus revert since its uint256.
So the stddev function, which calls the variance function will revert in such a situation, breaking the oracle validation process. This will prevent the LLM agents from finalizing the validation.
Impact
The stddev function will revert with any real dataset, since any differences in the values will evaluate to a negative result, resulting in an underflow. This also breaks the LLM agent validation process.
Tools Used
Manual Review
Recommendations
Use int256 for calculating the difference
Lead Judging Commences
Underflow in computing variance
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.