Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

assertValidNonce will revert when difficulty is 10

Summary

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleCoordinator.sol#L313C4-L317C10

In LLMOracleCoordinator.sol, the assertValidNonce function first creates a hash of the concatenated message (which includes the taskId, input, requester, sender, and nonce). It converts the hashed message to a uint256 value and compares it to a threshold. The threshold is determined by the difficulty parameter.
If the hash value is greater than this threshold, it indicates that the nonce is invalid based on the difficulty requirement.

Vulnerability Details

The threshold for valid hashes is calculated using a right bitwise shift based on the difficulty parameter:

threshold = type(uint256).max >> uint256(task.parameters.difficulty);

This operation effectively divides the maximum possible uint256 value by 2**difficulty.

For difficulty = 10, the threshold becomes approximately 2**246, meaning that only hashes lower than this value are considered valid.

The computed hash can exceed the threshold if it falls into the upper half of possible hash values. Given that the output of the Keccak-256 hash is uniformly distributed, it’s statistically likely that some hashes will be above 2**246.

Also, setting the difficulty is permissionless: anyone can set the difficulty from 1 to 10.

Impact

Unnecessary revert

Tools Used

Recommendations

Remove the check.
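
The nonce check described under Vulnerability Details, modelled off-chain as an added example (not part of the submission or the project's code). It shows the threshold for a given difficulty and how many nonces a caller has to try before one passes. Assumptions: SHA3-256 stands in for Keccak-256, the message uses a packed byte layout, the task values are constructed, and all function names are hypothetical.

```python
import hashlib

UINT256_MAX = 2**256 - 1

# Constructed sample task values (not taken from the contract or any real task).
TASK_ID = 1
TASK_INPUT = b"example input"
REQUESTER = bytes.fromhex("11" * 20)  # 20-byte address placeholder
SENDER = bytes.fromhex("22" * 20)     # 20-byte address placeholder


def threshold(difficulty: int) -> int:
    """Off-chain mirror of `type(uint256).max >> difficulty`."""
    return UINT256_MAX >> difficulty


def message_hash(nonce: int) -> int:
    # Fields in the order the report lists them: taskId, input, requester, sender, nonce.
    # Assumptions: packed layout with 32-byte integers, and SHA3-256 standing in for
    # Keccak-256 (absent from hashlib). Digests differ from on-chain values, but both
    # are uniform over 256 bits, which is all the threshold comparison depends on.
    packed = (TASK_ID.to_bytes(32, "big") + TASK_INPUT + REQUESTER + SENDER
              + nonce.to_bytes(32, "big"))
    return int.from_bytes(hashlib.sha3_256(packed).digest(), "big")


def is_valid_nonce(nonce: int, difficulty: int) -> bool:
    # The contract check reverts when the hash is greater than the threshold.
    return message_hash(nonce) <= threshold(difficulty)


def find_nonce(difficulty: int, limit: int = 1_000_000) -> int:
    """Return the first nonce that passes; expected work is about 2**difficulty tries."""
    for nonce in range(limit):
        if is_valid_nonce(nonce, difficulty):
            return nonce
    raise RuntimeError("no valid nonce found within limit")


def pass_rate(difficulty: int, samples: int) -> float:
    """Fraction of the first `samples` nonces that pass the check."""
    return sum(is_valid_nonce(n, difficulty) for n in range(samples)) / samples


if __name__ == "__main__":
    for d in (1, 5, 10):
        n = find_nonce(d)
        print(f"difficulty={d:2d} threshold=2**{256 - d}-1 first valid nonce={n}")
    print("measured pass rate at difficulty 10:", pass_rate(10, 100_000))
```
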

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
