Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Incorrect settings of `generatorStakeAmount` and `validatorStakeAmount` can cause DOS

bydlife

Summary

Incorrect settings of generatorStakeAmount and validatorStakeAmount can cause DOS,when the values ​​of generatorStakeAmount and validatorStakeAmount are set to zero, it will result in a denial of service.

Vulnerability Details

When calling the LLMOracleRegistry.sol::register() function.

function register(LLMOracleKind kind) public {
uint256 amount = getStakeAmount(kind);
// ensure the user is not already registered
if (isRegistered(msg.sender, kind)) {
revert AlreadyRegistered(msg.sender);
}
// ensure the user has enough allowance to stake
if (token.allowance(msg.sender, address(this)) < amount) {
revert InsufficientFunds();
}
// @audit => 建议使用 safeTransferFrom
token.transferFrom(msg.sender, address(this), amount);
// register the user
registrations[msg.sender][kind] = amount;
emit Registered(msg.sender, kind);
}

If the values ​​of generatorStakeAmount and validatorStakeAmount are set to zero, it will result in a denial of service.

Because the value of uint256 amount = getStakeAmount(kind); is zero, the value of registrations[msg.sender][kind] = amount; will also be zero.

Even if the user successfully executes the register() function, when checked by the isRegistered() function, the returned result is false.

function isRegistered(address user, LLMOracleKind kind) public view returns (bool) {
return registrations[user][kind] != 0;
}

Impact

If the values ​​of generatorStakeAmount and validatorStakeAmount are set to zero, and the user successfully executes the register() function, then the functions modified by the onlyRegistered() modifier will not be callable, which is a denial of service.

modifier onlyRegistered(LLMOracleKind kind) {
if (!registry.isRegistered(msg.sender, kind)) {
revert NotRegistered(msg.sender);
}
_;
}

Because the value of registry.isRegistered(msg.sender, kind) is always false.

Tools Used

Manual review.

Recommendations

Limit the values ​​of generatorStakeAmount and validatorStakeAmount to not be zero.

function initialize(uint256 _generatorStakeAmount, uint256 _validatorStakeAmount, address _token)
public
initializer
{
__Ownable_init(msg.sender);
// @audit
+ require(_generatorStakeAmount != 0 && _validatorStakeAmount != 0, "Invalid stake amount");)
generatorStakeAmount = _generatorStakeAmount;
validatorStakeAmount = _validatorStakeAmount;
token = ERC20(_token);
}

function setStakeAmounts(uint256 _generatorStakeAmount, uint256 _validatorStakeAmount) public onlyOwner {
// @audit
+ require(_generatorStakeAmount != 0 && _validatorStakeAmount != 0, "Invalid stake amount");
generatorStakeAmount = _generatorStakeAmount;
validatorStakeAmount = _validatorStakeAmount;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.