Swan (Dria)
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Status: Invalid

Exponential fee calculation vulnerability in `LLMOracleManager` contract

Summary

The `getFee` function of the `LLMOracleManager` contract computes the difficulty multiplier with a left shift, `2 << difficulty`, which equals 2^(difficulty + 1). The multiplier therefore doubles with every unit of difficulty, so even low difficulty values can produce unexpectedly high fees.

Vulnerability Details

The vulnerability is found in the getFee function of the LLMOracleManager contract.
https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleManager.sol#L115

uint256 diff = (2 << uint256(parameters.difficulty));

A left shift multiplies the operand by 2 for each position shifted. Starting from 2, `2 << difficulty` evaluates to 2 * 2^difficulty, i.e. 2^(difficulty + 1): difficulty 0 gives a multiplier of 2, difficulty 1 gives 4, difficulty 3 gives 16, and difficulty 10 already gives 2048. The multiplier thus grows exponentially in `difficulty`, and fees become very high for relatively low difficulty values.

Impact

High Fees for Low Difficulty: The exponential scaling of fees with difficulty could result in unexpectedly high fees, deterring users from using the service or making the contract economically unviable for certain tasks.

Potential Overflow: Solidity 0.8 does not overflow-check shift operations, so a sufficiently large difficulty does not revert but silently truncates the multiplier (on a uint256, `2 << 255` evaluates to 0), and the fee derived from it would be wrapped rather than rejected. Whether such a difficulty is reachable depends on the parameter bounds the contract enforces, which are not shown here.

Economic Impact: The high fees could impact the economic model of the contract, affecting both users and service providers, and potentially reducing the contract's utility and effectiveness.

Lack of Intuitive Scaling: Users may expect a certain scaling behavior based on the difficulty parameter, and the current implementation might not meet those expectations, leading to confusion or dissatisfaction.

Tools Used

Manual code review

Recommendations

Clarify Intended Behavior: Determine the intended scaling behavior for the fee calculation based on the difficulty parameter.

Adjust Multiplier Calculation: If linear scaling is intended, use the difficulty directly:

uint256 diff = parameters.difficulty;

If exponential scaling is desired, make it explicit and bounded:

uint256 diff = 2 ** parameters.difficulty;

Note that this yields 2^difficulty rather than 2^(difficulty + 1), and that `**` is overflow-checked in Solidity 0.8, so an out-of-range difficulty reverts instead of wrapping silently. Pair it with an explicit upper bound on `difficulty` so the maximum fee is known in advance.
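To make the scaling and the failure modes concrete, the following is an added example (not code from the Swan/Dria contest or the `LLMOracleManager` contract): a Python model of the uint256 semantics behind `2 << difficulty` and `2 ** difficulty`. The fee shape `base_fee * diff`, the `max_difficulty` bound and the idea that `difficulty` fits in a uint8 are assumptions made for illustration; the page only shows the `diff` line.

```python
# Added example (not the project's code): model Solidity 0.8 uint256
# semantics for the two candidate multiplier expressions.
# Assumptions: fee = base_fee * diff; max_difficulty is a hypothetical
# bound; 255 is used as the largest value a uint8 difficulty could hold.

UINT256_MAX = (1 << 256) - 1


class Revert(Exception):
    """Stands in for an EVM revert raised by Solidity 0.8 checked arithmetic."""


def shl_uint256(value: int, shift: int) -> int:
    """Solidity `value << shift` on a uint256.

    Shifts are NOT overflow-checked in Solidity 0.8: bits pushed past
    position 255 are discarded, and a shift of 256 or more yields 0.
    """
    if shift >= 256:
        return 0
    return (value << shift) & UINT256_MAX


def pow_uint256(base: int, exp: int) -> int:
    """Solidity `base ** exp` on a uint256: reverts on overflow (checked)."""
    result = base ** exp
    if result > UINT256_MAX:
        raise Revert("arithmetic overflow in **")
    return result


def mul_uint256(a: int, b: int) -> int:
    """Solidity `a * b` on a uint256: reverts on overflow (checked)."""
    result = a * b
    if result > UINT256_MAX:
        raise Revert("arithmetic overflow in *")
    return result


def multiplier_shift(difficulty: int) -> int:
    """The multiplier as written in getFee: 2 << difficulty == 2 ** (difficulty + 1)."""
    return shl_uint256(2, difficulty)


def multiplier_pow(difficulty: int) -> int:
    """The recommended form: 2 ** difficulty, overflow-checked."""
    return pow_uint256(2, difficulty)


def fee_as_written(base_fee: int, difficulty: int) -> int:
    """Assumed fee shape base_fee * diff with the shift-based multiplier."""
    return mul_uint256(base_fee, multiplier_shift(difficulty))


def fee_hardened(base_fee: int, difficulty: int, max_difficulty: int = 10) -> int:
    """Same fee shape, but difficulty is bounded explicitly and the multiplier
    uses checked exponentiation, so an out-of-range input reverts instead of
    silently producing a wrapped (possibly zero) fee."""
    if difficulty > max_difficulty:
        raise Revert("difficulty above maximum")
    return mul_uint256(base_fee, multiplier_pow(difficulty))


def scaling_table(max_difficulty: int = 8) -> list[tuple[int, int, int]]:
    """Rows of (difficulty, 2 << d, 2 ** d) for the low difficulties the report discusses."""
    return [(d, multiplier_shift(d), multiplier_pow(d)) for d in range(max_difficulty + 1)]


if __name__ == "__main__":
    for d, shl, pw in scaling_table():
        print(f"difficulty={d:3d}  2<<d={shl:6d}  2**d={pw:6d}")
    # Failure modes differ: the shift wraps to 0, the power reverts.
    print("2 << 255 on uint256 =", multiplier_shift(255))
    try:
        multiplier_pow(256)
    except Revert as e:
        print("2 ** 256 on uint256 reverts:", e)
```

Running the script prints the multiplier table for difficulties 0 to 8 (the shift column is always exactly twice the power column) and then shows the two failure modes: the shift silently collapses to 0 at difficulty 255, so the assumed fee becomes zero, while the checked power reverts once it no longer fits in 256 bits. The `fee_hardened` variant rejects any difficulty above the bound before computing anything, which is the property a reviewer would want the contract to make explicit.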

Updates

Lead Judging Commences

inallhonesty (Lead Judge), 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
