Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Oracle generators and validators will lose funds

Summary

Generators and validators can register themselves as oracles by staking some amount in the contract, which allows them to generate and validate oracle requests and earn a fee. However, due to a vulnerability, generators and validators will lose funds.

Vulnerability Details

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleRegistry.sol#L117C1-L131C6

When generators/validators call unregister in LLMRegisterOracle.sol, the code checks if their stakeAmount is greater than zero. If so, it deletes their registration from the contract and approves their stakeAmount back; however, it does not refund the staked amount or any fees the user has accumulated back to the user. As a result, the generator/validator will lose funds, and currently there is no function that allows them to withdraw the funds they are entitled to.

Impact

Loss of funds for validators/generators.

Tools Used

None

Recommendations

Refund their staked amount or fee, or implement some functions that allow them to withdraw their funds.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

n1kh11l Submitter
12 months ago
n1kh11l Submitter
12 months ago
inallhonesty Lead Judge
12 months ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
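
Added example, not part of the submission or of the Dria code base: a small Python model of standard ERC-20 allowance semantics for the approve-based unregister flow described under Vulnerability Details. The `Token` and `Registry` classes and the address strings are hypothetical; the model shows that an approval moves no tokens by itself and that the approved address can then collect them with `transferFrom`.

```python
class Token:
    """Minimal model of ERC-20 balances and allowances (not a real contract)."""
    def __init__(self):
        self.balance = {}    # holder -> amount
        self.allowance = {}  # (owner, spender) -> amount

    def transfer(self, sender, to, amount):
        if self.balance.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balance[sender] -= amount
        self.balance[to] = self.balance.get(to, 0) + amount

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # The caller spends the allowance that owner granted to it.
        if self.allowance.get((owner, caller), 0) < amount:
            raise ValueError("insufficient allowance")
        self.allowance[(owner, caller)] -= amount
        self.transfer(owner, to, amount)

class Registry:
    """Hypothetical registry whose unregister approves instead of transferring."""
    ADDRESS = "registry"

    def __init__(self, token):
        self.token, self.stakes = token, {}

    def register(self, oracle, amount):
        # Pull the stake; the oracle must have approved the registry first.
        self.token.transfer_from(self.ADDRESS, oracle, self.ADDRESS, amount)
        self.stakes[oracle] = amount

    def unregister(self, oracle):
        amount = self.stakes.pop(oracle, 0)
        if amount == 0:
            raise ValueError("not registered")
        # No push transfer: the registry only grants the oracle an allowance.
        self.token.approve(self.ADDRESS, oracle, amount)

def stake_round_trip(stake=100):
    """Oracle balance after register, after unregister, and after pulling."""
    token = Token()
    token.balance["oracle"] = stake  # constructed sample balance
    reg = Registry(token)
    token.approve("oracle", reg.ADDRESS, stake)
    reg.register("oracle", stake)
    after_register = token.balance["oracle"]
    reg.unregister("oracle")
    after_unregister = token.balance["oracle"]  # approval alone moves nothing
    token.transfer_from("oracle", reg.ADDRESS, "oracle", stake)  # oracle pulls
    return after_register, after_unregister, token.balance["oracle"]
```
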
