Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Enforcing single generation response when validations are not required in LLMOracleCoordinator

Summary

In the LLMOracleCoordinator contract, when numValidations is set to 0, multiple responses are allowed if numGenerations is greater than 1, even though only the first response is considered. This results in unnecessary generation responses, leading to inefficiency and additional fees. A solution is to avoid allowing multiple generations when no validation is required.

Vulnerability Details

The contract allows for multiple generation responses (numGenerations > 1) even when no validation (numValidations = 0) is required. In such cases, the first response is automatically used as the result, making any additional responses redundant. This can result in users paying more fees for unnecessary generation responses.

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleCoordinator.sol#L404-L423

Impact

  • Increased Costs: Users incur unnecessary fees for extra generation responses that are not needed when numValidations = 0.

  • Inefficient Resource Use: The contract allows redundant responses, wasting gas and storage resources.

  • Confusing User Experience: Users might expect multiple generations to be evaluated, but only the first is used, leading to possible confusion.

Recommendations

To avoid unnecessary fees and improve efficiency, add a check in the request function that enforces numGenerations = 1 when numValidations = 0. This change prevents multiple generator responses when only one is needed.

function request(
bytes32 protocol,
bytes memory input,
bytes memory models,
LLMOracleTaskParameters calldata parameters
) public onlyValidParameters(parameters) returns (uint256) {
+ if (parameters.numValidations == 0 && parameters.numGenerations > 1) {
+ revert("numGenerations must be 1 when numValidations is 0");
+ }
// Remaining logic
}
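
Review bot: The new condition at the top of request sits beside the onlyValidParameters(parameters) modifier already on the signature, which by its name is where parameter checks belong; consider moving the numValidations == 0 && numGenerations > 1 test into that modifier so all parameter validation stays in one place. The revert also changes behaviour for any caller that currently passes this combination, so the constraint should be stated in the function's documentation.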

This ensures users are not paying for unnecessary responses and that the contract runs efficiently when no validation is needed.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
