Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Variance formula is biased leading to incorrect outlier detection

Summary

The variance is calculated by dividing the sum of squared differences by N rather than N-1, which introduces a bias in the estimate.

Vulnerability Details

The ans in the variance function is divided by data.length instead of data.length - 1.

    function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
        mean = avg(data);
        uint256 sum = 0;
        for (uint256 i = 0; i < data.length; i++) {
            uint256 diff = data[i] - mean;
            sum += diff * diff;
        }
        ans = sum / data.length;
    }

Impact

The result of variance, which affects the stddev, is biased. That biases the calculation of the outliers in the finalizeValidation function, potentially leading to validators not being rewarded because of the biased stddev.

    function finalizeValidation(uint256 taskId) private {
        ...
        // compute the mean and standard deviation
        (uint256 _stddev, uint256 _mean) = Statistics.stddev(scores);
        ...
            if ((score >= _mean - _stddev) && (score <= _mean + _stddev)) {
                innerSum += score;
                innerCount++;
                // send validation fee to the validator
                _increaseAllowance(validations[taskId][v_i].validator, task.validatorFee);
            }
        }
        ...
    }
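To size the effect described above, this added example (not code from the submission or from the Dria project) models the band check from finalizeValidation with both divisors on a small constructed score set. The names stddev_band and rewarded are hypothetical, and the model assumes avg floors the mean and stddev is the floor integer square root of the variance.

```python
from math import isqrt


def stddev_band(scores, bessel):
    """Return (mean, stddev, low, high) using floor integer arithmetic."""
    n = len(scores)
    divisor = n - 1 if bessel else n
    if divisor <= 0:
        # With one score, data.length - 1 is zero: the on-chain division reverts.
        raise ZeroDivisionError("not enough scores for this divisor")
    mean = sum(scores) // n  # assumption: avg() floors
    # Python ints are signed, so (s - mean) cannot underflow in this model;
    # the unsigned subtraction in the Solidity snippet is not reproduced.
    sum_sq = sum((s - mean) ** 2 for s in scores)
    stddev = isqrt(sum_sq // divisor)  # assumption: floor integer square root
    return mean, stddev, mean - stddev, mean + stddev


def rewarded(scores, bessel):
    """Indices of scores inside [mean - stddev, mean + stddev]."""
    _, _, low, high = stddev_band(scores, bessel)
    return [i for i, s in enumerate(scores) if low <= s <= high]


SCORES = [2, 4, 6]  # constructed sample: three validator scores

if __name__ == "__main__":
    for bessel in (False, True):
        label = "N-1" if bessel else "N"
        mean, stddev, low, high = stddev_band(SCORES, bessel)
        print(f"divisor {label}: mean={mean} stddev={stddev} "
              f"band=[{low}, {high}] rewarded={rewarded(SCORES, bessel)}")
    # A single score is accepted with divisor N but fails with N-1.
    print("single score, divisor N:", rewarded([5], False))
    try:
        rewarded([5], True)
    except ZeroDivisionError as exc:
        print("single score, divisor N-1:", exc)
```

With few validators the divisor changes the integer band noticeably: the N-1 divisor widens it, and it is undefined for a single score.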

Tools Used

Manual Review

Recommended Mitigation

Adjust the variance function to calculate ans by dividing by data.length - 1, according to Bessel's correction, to avoid bias in the result.

function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
mean = avg(data);
uint256 sum = 0;
for (uint256 i = 0; i < data.length; i++) {
uint256 diff = data[i] - mean;
sum += diff * diff;
}
- ans = sum / data.length;
+ ans = sum / (data.length - 1);
}
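Review bot: the added line `ans = sum / (data.length - 1);` divides by zero when data holds a single element, so the call reverts on an input that the removed `sum / data.length` handled. If the scores array passed from finalizeValidation can contain one entry, that task could no longer be finalized. Suggest an explicit guard for data.length < 2 (return a variance of 0, or revert with a clear error) before the division. Separately, the unchanged line `uint256 diff = data[i] - mean;` subtracts unsigned values and reverts under checked arithmetic (Solidity 0.8 and later) whenever an element is below the mean; taking the absolute difference would be worth including in the same change.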
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
