Dria

Swan
NFTHardhat
21,000 USDC
Submission Details
Severity: high
Valid

Calculating The Standard Deviation And Mean For A Set Of Generations Or Validations Would Revert When Calculating Differences In Getting The Variance

Summary

When computing the standard deviation inside finalizeValidation in Swan.sol, the call reverts with an arithmetic underflow while the variance is being computed in the Statistics.sol library.

Vulnerability Details

When the last validation required for a request arrives, the finalizeValidation function finalizes the validation by using the mean and standard deviation of the scores to derive an acceptable range of scores.

Inside the finalizeValidation function we have this line of code:

// ..... some other code here ....
// compute the mean and standard deviation
(uint256 _stddev, uint256 _mean) = Statistics.stddev(scores);
// ..... some other code here ....

Inside the stddev function we calculate the mean and the variance; the square root of the variance is the standard deviation.

Here is the function:

Inside the function the variance is calculated as follows. The issue arises because the values in the data array can be higher than, lower than, or equal to the mean.

Any score that is lower than the mean reverts at the statement uint256 diff = data[i] - mean;, because an unsigned subtraction whose result would be negative underflows and reverts.

/// @notice Compute the variance of the data.
/// @param data The data to compute the variance for.
function variance(uint256[] memory data) internal pure returns (uint256 ans, uint256 mean) {
    mean = avg(data);
    uint256 sum = 0;
    for (uint256 i = 0; i < data.length; i++) {
        // this is where the issue lies
        // the values in the data array (the scores of the generation or validation)
        // can be higher or lower than the mean. Subtracting the mean from a value
        // that is smaller than it results in an arithmetic underflow.
        uint256 diff = data[i] - mean;
        sum += diff * diff;
    }
    ans = sum / data.length;
}

Take for example the scores [4,3,7,6,4]. The mean is 4.8, which integer division in Solidity truncates to 4. When computing the variance, the loop reaches the element 3 and tries to compute 3 - 4, which simply reverts.

Impact

The task would never be fully finalized because finalizing the validation keeps reverting in the variance function. If the task belongs to a buyer agent's oracle purchase request, that request would never be finalized, and this would likely be the case for most tasks, since validation scores are normally spread both above and below the mean.

Recommendations

Use a ternary operator to check which of the data value and the mean is greater, and subtract the smaller from the larger, i.e. square the absolute difference.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Underflow in computing variance
