Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Invalid

Lack of Withdrawal Mechanism for Oracle Fees in LLMOracleCoordinator

Summary

The LLMOracleCoordinator contract lacks a mechanism for oracles to withdraw the fees they have earned for generating and validating requests. While the system correctly allocates and tracks the fees owed to oracles by increasing their allowance, it fails to provide a method for these funds to be withdrawn, leading to potential financial losses for oracles and undermining their operational incentive.

Vulnerability Details

The function _increaseAllowance within the LLMOracleCoordinator is used to adjust the allowances of oracles to reflect the fees they earn during task generation and validation. However, this adjustment only increases their allowance without transferring actual funds or enabling a subsequent withdrawal.

    function _increaseAllowance(address spender, uint256 amount) internal {
        feeToken.approve(spender, feeToken.allowance(address(this), spender) + amount);
    }

Impact

Oracles that contribute to the system by generating and validating responses are not compensated for their services, which can lead to a decrease in active participation.

Tools Used

Manual Review

Recommendations

Introduce a withdrawFees function in the LLMOracleCoordinator that allows oracles to withdraw their earned fees. This function should check the oracle's accumulated fee allowance and transfer the corresponding amount.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
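
An ERC-20 allowance is pull-based: an approved spender can move the tokens itself by calling transferFrom on the token. The sketch below is an added example, not code from the submission or the project; MiniToken, MiniCoordinator, creditFee and MiniOracle are hypothetical stand-ins, and only the _increaseAllowance body is taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed minimal ERC-20 subset (not the project's fee token).
contract MiniToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(uint256 supply) { balanceOf[msg.sender] = supply; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        // Checked arithmetic (0.8+) reverts if allowance or balance is too small.
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical stand-in for the coordinator: it holds the fee tokens.
contract MiniCoordinator {
    MiniToken public immutable feeToken;

    constructor() { feeToken = new MiniToken(1000e18); } // coordinator owns the supply

    // Same body as the function quoted in the submission.
    function _increaseAllowance(address spender, uint256 amount) internal {
        feeToken.approve(spender, feeToken.allowance(address(this), spender) + amount);
    }

    // Hypothetical entry point so the example can credit a fee.
    function creditFee(address oracle, uint256 amount) external {
        _increaseAllowance(oracle, amount);
    }
}

// Hypothetical oracle: pulls whatever it has been credited.
contract MiniOracle {
    function collect(MiniCoordinator c) external returns (uint256 amount) {
        MiniToken t = c.feeToken();
        amount = t.allowance(address(c), address(this));
        t.transferFrom(address(c), address(this), amount); // funds leave the coordinator
    }
}
```

After creditFee(oracle, x), a call to collect moves x tokens from the coordinator's balance to the oracle and resets the allowance to zero, provided the coordinator's token balance covers x.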
