Dria

Summary

The setStakeAmounts function in the LLMOracleCoordinator contract is vulnerable to a front-running attack. If the contract owner decides to increase the stake amounts, unregistered oracles may quickly register at the old, lower stake amount and immediately unregister to claim the difference, gaining an unfair profit.

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleRegistry.sol#L118

Vulnerability Details

The contract owner has the ability to modify the stake requirements for oracles by calling setStakeAmounts. However, there is a potential for front-running in this function. Suppose the owner increases the required stake amount for either generatorStakeAmount or validatorStakeAmount. In that case, a malicious user can observe the transaction and quickly register at the old stake amount. Once registered, they can call unregister to retrieve the increased stake amount approved by the updated setStakeAmounts value, thereby profiting from the discrepancy.

Impact

This vulnerability could lead to users registering at a lower stake amount and then unregistering to retrieve an increased amount. As a result, this could cause the contract to lose funds and enable malicious actors to extract profit without fulfilling the intended requirements for staking. At a bigger scale this could lead to hufge loss of funds

Tools Used

Manual review

Recommendationsµ

Implement a registration version system where each registratiopn is tracked by timestamp and each change in stakeamount is also tracked by timestamp