Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Valid

No check for the current Active Generators or Validators before requesting

Description

When requesting a task, callers (users/BuyerAgents) provide the parameters for their task, including the difficulty, the number of generators and the number of validators.

These values, which are provided using LLMOracleTaskParameters, are checked to be within the minimum and maximum parameters.

llm/LLMOracleManager.sol#L65-L92

    modifier onlyValidParameters(LLMOracleTaskParameters calldata parameters) {
        if (
    >>      parameters.difficulty < minimumParameters.difficulty || parameters.difficulty > maximumParameters.difficulty
        ) { ... }
        if (
    >>      parameters.numGenerations < minimumParameters.numGenerations
    >>          || parameters.numGenerations > maximumParameters.numGenerations
        ) { ... }
        if (
    >>      parameters.numValidations < minimumParameters.numValidations
    >>          || parameters.numValidations > maximumParameters.numValidations
        ) { ... }
        _;
    }

This check is done when calling Coordinator::request().

The user can provide the number of generators and the number of validators for their task. The current maximum for both is 10.

The problem is that the check only compares against the minimum and maximum values. For example, if there are 50 generators and 50 validators, not all of them can participate, only 10 of them at most.

The number of generators and validators is not controlled by the protocol. Registration is open to anyone, so anyone can become either a generator or a validator.

We are not storing the number of currently active generators or validators. There is no global variable that counts them.

llm/LLMOracleRegistry.sol#L94-L111 | llm/LLMOracleRegistry.sol#L117-L131

    function register(LLMOracleKind kind) public {
        ...
        registrations[msg.sender][kind] = amount;
        emit Registered(msg.sender, kind);
    }
    // ---------------------
    function unregister(LLMOracleKind kind) public returns (uint256 amount) {
        ...
        delete registrations[msg.sender][kind];
        emit Unregistered(msg.sender, kind);
        // approve its stake back
        token.approve(msg.sender, token.allowance(address(this), msg.sender) + amount);
    }

  • If there are only 3 generators and the user requests 5 generators, the task will be uncompletable.

  • If there are only 3 validators and the user requests 5 validators, the task will also be uncompletable.

Recommendations

Store a global variable that tracks the number of active generators and validators, and check that the provided numbers do not exceed the number of active oracles, in addition to the min and max checks.
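A sketch of the recommendation above, added here as an example and not taken from the project's code. The contract names, `activeCount`, `onlyAvailableOracles`, `InsufficientActiveOracles`, the enum members and the struct field types are assumptions for illustration; staking and task creation are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch, not the project's code. Staking and token transfers are
// omitted; `registrations` holds a flag instead of the staked amount.
enum LLMOracleKind { Generator, Validator } // enum members assumed
// Field types assumed; only the field names appear in the finding.
struct LLMOracleTaskParameters { uint8 difficulty; uint40 numGenerations; uint40 numValidations; }

contract RegistrySketch {
    mapping(address => mapping(LLMOracleKind => bool)) public registrations;
    // Hypothetical counter: currently registered oracles per kind.
    mapping(LLMOracleKind => uint256) public activeCount;

    function register(LLMOracleKind kind) public {
        require(!registrations[msg.sender][kind], "already registered");
        registrations[msg.sender][kind] = true;
        activeCount[kind] += 1;
    }

    function unregister(LLMOracleKind kind) public {
        require(registrations[msg.sender][kind], "not registered");
        delete registrations[msg.sender][kind];
        activeCount[kind] -= 1;
    }
}

contract CoordinatorSketch {
    RegistrySketch public immutable registry;
    error InsufficientActiveOracles(LLMOracleKind kind, uint256 have, uint256 want);

    constructor(RegistrySketch registry_) { registry = registry_; }

    // Runs in addition to the existing min/max bounds check.
    modifier onlyAvailableOracles(LLMOracleTaskParameters calldata p) {
        _check(LLMOracleKind.Generator, p.numGenerations);
        _check(LLMOracleKind.Validator, p.numValidations);
        _;
    }

    function _check(LLMOracleKind kind, uint256 want) internal view {
        uint256 have = registry.activeCount(kind);
        if (have < want) revert InsufficientActiveOracles(kind, have, want);
    }

    function request(LLMOracleTaskParameters calldata p) external onlyAvailableOracles(p) returns (bool) {
        return true; // task creation omitted
    }
}
```

The counter is a point-in-time check: because `unregister` is public, oracles can still leave after a request is accepted, so this rejects requests that are unfillable at submission but does not by itself guarantee completion.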

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

There is no guarantee that task will be completed and buyerAgent will get a response to its purchaseRequest before the round ends, but that was already paid for

Appeal created

alqaqa Submitter
8 months ago
inallhonesty Lead Judge
7 months ago
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

There is no guarantee that task will be completed and buyerAgent will get a response to its purchaseRequest before the round ends, but that was already paid for
