Dria / Swan / NFTHardhat / 21,000 USDC

Submission Details
Severity: high
Valid

Validator not able to submit scores and finalize the validation

Summary

After the last validator oracle reports its scores for a given task, the finalizeValidation function is called to compute the final score. It checks, for each validator, whether that validator's score lies within one standard deviation of the mean:

```solidity
for (uint256 v_i = 0; v_i < task.parameters.numValidations; ++v_i) {
    uint256 score = scores[v_i];
    // `_mean - _stddev` is a checked subtraction: it reverts if _stddev > _mean
    if ((score >= _mean - _stddev) && (score <= _mean + _stddev)) {
        // track inner sum and update rewards
        // ...
    }
}
```

There is an implicit assumption here that _mean is greater than or equal to _stddev: if it is not, the subtraction in the `score >= _mean - _stddev` check underflows and the transaction reverts, regardless of the score being compared.

Vulnerability Details

Let's say the number of validators is 3:

  • the 1st validator assigns a score of 1 to the task

  • the 2nd validator assigns a score of 100

  • the last validator wants to give a score of 20, which implicitly finalizes the validation

The last validator's TX will revert due to underflow, because for the set (1, 20, 100) the mean is 40 and the stddev is 42. In effect, the last validator is forced to assign a score within the limited range [25, 385] if the validation is to be finalized and rewards distributed.

That also means that, e.g., the 2nd validator in this case can assign a specific score knowing that it will limit the scoring options available to the last validator. Even if all validators are honest, the same situation can arise from differences in how they judge the LLM generations.

Impact

Due to this bug, not all scoring outcomes are possible, which affects the fairness of the final scoring and the reward distribution.

Tools Used

Manual review

Recommendations

Change the implementation to avoid the underflow, e.g. skip the lower-outlier check when stddev is greater than mean (in that case the lower bound is effectively zero, so every score satisfies it).
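The following Python model is an added example, not code from the Dria/Swan repository or from this submission. It reproduces the integer arithmetic of the check in the finding with an assumed statistics helper (floor mean, floor-divided population variance, floor square root; the real contract's library may differ) and models Solidity's checked subtraction as an exception. It covers both the Vulnerability Details scenario (scores 1, 100 and a last score of 20) and the recommended fix, and brute-forces the range of last scores that does not revert.

```python
from math import isqrt


class Underflow(Exception):
    """Stands in for the revert raised by checked uint256 subtraction."""


def sub_uint(a: int, b: int) -> int:
    """Checked subtraction: raise instead of producing a negative value."""
    if b > a:
        raise Underflow(f"{a} - {b} would underflow")
    return a - b


def mean_stddev(scores):
    """Assumed integer model of the coordinator's statistics helper."""
    n = len(scores)
    mean = sum(scores) // n
    variance = sum((s - mean) ** 2 for s in scores) // n
    return mean, isqrt(variance)


def within_band_vulnerable(score, mean, stddev):
    """Original check: `_mean - _stddev` is evaluated first and reverts
    whenever stddev > mean, no matter what the score is."""
    return sub_uint(mean, stddev) <= score <= mean + stddev


def within_band_fixed(score, mean, stddev):
    """Recommended fix: skip the lower-outlier check when stddev > mean,
    since the lower bound is then effectively zero."""
    lower_ok = True if stddev > mean else score >= mean - stddev
    return lower_ok and score <= mean + stddev


def finalize(scores, check):
    """Return, per validator, whether its score counts as an inlier."""
    mean, stddev = mean_stddev(scores)
    return [check(s, mean, stddev) for s in scores]


def reverts(scores):
    """True if finalizing these scores with the original check would revert."""
    try:
        finalize(scores, within_band_vulnerable)
    except Underflow:
        return True
    return False


def allowed_last_scores(fixed_scores, lo, hi):
    """Brute-force the last scores in [lo, hi] that finalize without reverting."""
    return [x for x in range(lo, hi + 1) if not reverts(fixed_scores + [x])]


if __name__ == "__main__":
    # Constructed sample from the finding: two earlier validators gave 1 and 100.
    print(mean_stddev([1, 20, 100]))            # (40, 42): stddev exceeds mean
    print(reverts([1, 20, 100]))                # True with the original check
    print(finalize([1, 20, 100], within_band_fixed))
    allowed = allowed_last_scores([1, 100], 0, 1000)
    print(min(allowed), max(allowed))           # the range the last validator is boxed into
```

Running the model shows why the last validator's honest score of 20 cannot be submitted while 25 can: the inlier band is not narrowing around an agreed value, it is the subtraction itself that fails once the spread of the earlier scores pushes stddev above mean. With the fixed check, the same inputs finalize and the score of 100 is the only outlier.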

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Underflow in `LLMOracleCoordinator::validate`
