Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Valid

Task scores provided by validators are not checked to be in the acceptable range

Summary

A validator's job is to assign scores to the generators' responses. Scores are passed to the `validate` function of the oracle coordinator. Rewards are assigned to generators and validators based on the mean and standard deviation of the scores, so it is important that the mean and standard deviation cannot be manipulated by, for example, a validator providing (maliciously or accidentally) outsized score values such as the maximum value of `uint256`. The coordinator should check that all scores are within some pre-defined acceptable range. That check is currently missing.

Vulnerability Details

The NatSpec of `validate` also states that score values should be checked against the maximum score; however, the check is not implemented.

```solidity
/// @dev Reverts if any score is greater than the maximum score.
/// ...
function validate(uint256 taskId, uint256 nonce, uint256[] calldata scores, bytes calldata metadata)
```

Impact

A validator can influence the outcome of validation, such as reward eligibility and the final task output, by posting outsized scores and thereby shifting the mean and standard deviation.

Tools Used

Manual review

Recommendations

Implement a check that all scores are within the acceptable range.
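One way to implement the recommended check, as an added sketch that is not the project's own code. Only the `validate` signature and its `@dev` line come from the finding; the contract name, `maxScore`, the storage layout and the error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch: all names except the validate() signature are hypothetical.
contract ScoreRangeCheckExample {
    /// Upper bound for a single score (assumed to be fixed at deployment).
    uint256 public immutable maxScore;

    /// taskId => validator => accepted scores (simplified, hypothetical storage).
    mapping(uint256 => mapping(address => uint256[])) private _scores;

    error EmptyScores();
    error ScoreOutOfRange(uint256 index, uint256 score, uint256 maxScore);

    constructor(uint256 maxScore_) {
        maxScore = maxScore_;
    }

    /// @dev Reverts if any score is greater than the maximum score.
    function validate(uint256 taskId, uint256 nonce, uint256[] calldata scores, bytes calldata metadata)
        external
    {
        // nonce and metadata handling is out of scope for this sketch.
        nonce;
        metadata;

        uint256 len = scores.length;
        if (len == 0) revert EmptyScores();

        // Reject the whole submission before anything is stored, so an
        // out-of-range value never reaches the mean / std dev computation.
        // Scores are unsigned, so only the upper bound needs checking.
        for (uint256 i = 0; i < len; ++i) {
            uint256 score = scores[i];
            if (score > maxScore) revert ScoreOutOfRange(i, score, maxScore);
        }

        _scores[taskId][msg.sender] = scores;
    }

    /// Read back the scores a validator submitted for a task.
    function scoresOf(uint256 taskId, address validator) external view returns (uint256[] memory) {
        return _scores[taskId][validator];
    }
}
```

With every stored score bounded by `maxScore`, the sum of `n` scores is at most `n * maxScore`, so later aggregation cannot be skewed or overflowed by a single `type(uint256).max` entry.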

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Unbounded score values in `validate` function
