Dria

Summary

In the finalizeValidation function of the LLMOracleCoordinator contract, the validation process currently checks if scores fall within the range of _mean ± _stddev. However, it does not account for validationDeviationFactor, which is intended to adjust the acceptable deviation range. Without this factor, the validation range lacks flexibility, potentially affecting the validation accuracy and acceptance criteria. This update ensures that the deviation range is properly calculated as _mean ± validationDeviationFactor * _stddev.

Vulnerability Details

The range check (score >= _mean - _stddev) && (score <= _mean + _stddev) does not consider the validationDeviationFactor. As a result, the validation range is fixed to _mean ± _stddev, ignoring the intended variability from validationDeviationFactor. This omission could lead to misclassifications of valid scores, affecting validator rewards and potentially altering the distribution of funds.

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleCoordinator.sol#L343

Impact

• Inaccurate Validations: The lack of validationDeviationFactor restricts the flexibility of validation scoring, potentially rejecting valid scores that fall outside a narrower range.

• Improper Reward Distribution: Validators whose scores lie within a reasonable deviation range but beyond _mean ± _stddev may be improperly excluded from rewards, causing a distribution misalignment.

Tools Used

Recommendations

To account for validationDeviationFactor in the score validation range, modify the finalizeValidation function as follows:

This update ensures that only scores within _mean ± validationDeviationFactor * _stddev are accepted, improving flexibility and alignment with intended validation criteria.