Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Invalid

Cross-role oracle manipulation vulnerability

Summary

An entity can participate in both generation and validation of the same task by using different addresses, compromising the oracle's integrity.

Vulnerability Details

The current system maintains separate roles but fails to prevent the same entity from participating in both:

// In LLMOracleRegistry.sol
function register(LLMOracleKind kind) public {
    uint256 amount = getStakeAmount(kind);
    if (isRegistered(msg.sender, kind)) {
        revert AlreadyRegistered(msg.sender);
    }
    token.transferFrom(msg.sender, address(this), amount);
    registrations[msg.sender][kind] = amount;
}

// In LLMOracleCoordinator.sol
function respond(uint256 taskId, ...) public onlyRegistered(LLMOracleKind.Generator) { ... }
function validate(uint256 taskId, ...) public onlyRegistered(LLMOracleKind.Validator) { ... }

Attack Path:

  1. Entity registers Address1 as Generator
  2. Entity registers Address2 as Validator
  3. Address1 generates response for taskId
  4. Address2 validates the same taskId
  5. Entity controls both generation and validation
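The following Python model is an added example, not code from the Swan/Dria contracts. It reproduces only the checks described above (one stake per address and kind, `respond` and `validate` gated solely by the registered role) with constructed addresses, adds a hypothetical same-address guard that is not on the page, and then shows why that guard is not enough: the two-address path passes every on-chain check, and the overlap only becomes visible once an off-chain identity mapping of the kind KYC would supply (assumed here as a plain dict) is consulted.

```python
from enum import Enum


class LLMOracleKind(Enum):
    Generator = 0
    Validator = 1


class AlreadyRegistered(Exception):
    pass


class NotRegistered(Exception):
    pass


class SelfValidation(Exception):
    pass


class Registry:
    """Models LLMOracleRegistry.register: one stake per (address, kind)."""

    def __init__(self, stake_amounts):
        self.stake_amounts = stake_amounts
        self.registrations = {}  # (address, kind) -> staked amount

    def is_registered(self, addr, kind):
        return (addr, kind) in self.registrations

    def register(self, addr, kind):
        if self.is_registered(addr, kind):
            raise AlreadyRegistered(addr)
        # token.transferFrom is abstracted away; only the bookkeeping is modelled
        self.registrations[(addr, kind)] = self.stake_amounts[kind]


class Coordinator:
    """Models respond/validate gated only by onlyRegistered(kind)."""

    def __init__(self, registry):
        self.registry = registry
        self.responses = {}    # taskId -> list of generator addresses
        self.validations = {}  # taskId -> list of validator addresses

    def _only_registered(self, addr, kind):
        if not self.registry.is_registered(addr, kind):
            raise NotRegistered((addr, kind))

    def respond(self, addr, task_id):
        self._only_registered(addr, LLMOracleKind.Generator)
        self.responses.setdefault(task_id, []).append(addr)

    def validate(self, addr, task_id):
        self._only_registered(addr, LLMOracleKind.Validator)
        # Hypothetical guard (assumption, not on the page): an address may not
        # validate a task it generated a response for. It is address-based, so
        # it cannot see two addresses controlled by one entity.
        if addr in self.responses.get(task_id, []):
            raise SelfValidation(addr)
        self.validations.setdefault(task_id, []).append(addr)


STAKES = {LLMOracleKind.Generator: 100, LLMOracleKind.Validator: 200}  # constructed


def run_attack_path(generator_addr="0xAddress1", validator_addr="0xAddress2", task_id=1):
    """Steps 1-4 of the attack path; every on-chain check passes."""
    registry = Registry(STAKES)
    coordinator = Coordinator(registry)
    registry.register(generator_addr, LLMOracleKind.Generator)  # step 1
    registry.register(validator_addr, LLMOracleKind.Validator)  # step 2
    coordinator.respond(generator_addr, task_id)                # step 3
    coordinator.validate(validator_addr, task_id)               # step 4
    return coordinator


def same_address_blocked(addr="0xAddress1", task_id=1):
    """The hypothetical guard does stop the trivial single-address variant."""
    registry = Registry(STAKES)
    coordinator = Coordinator(registry)
    registry.register(addr, LLMOracleKind.Generator)
    registry.register(addr, LLMOracleKind.Validator)
    coordinator.respond(addr, task_id)
    try:
        coordinator.validate(addr, task_id)
    except SelfValidation:
        return True
    return False


def cross_role_overlap(coordinator, controller_of):
    """Off-chain check: given an address -> entity mapping (what KYC would
    provide), return task ids where one entity both generated and validated."""
    flagged = []
    for task_id, validators in coordinator.validations.items():
        generators = {controller_of.get(a, a) for a in coordinator.responses.get(task_id, [])}
        if any(controller_of.get(v, v) in generators for v in validators):
            flagged.append(task_id)
    return flagged


if __name__ == "__main__":
    c = run_attack_path()
    print("cross-address validation accepted on-chain:", c.validations)
    print("same-address variant blocked by guard:", same_address_blocked())
    print("flagged with identity data:", cross_role_overlap(c, {"0xAddress1": "A", "0xAddress2": "A"}))
```

Without an identity mapping, `cross_role_overlap` sees two unrelated addresses and flags nothing, which is the gap the finding describes; with the mapping it flags task 1, which is what the KYC recommendation is meant to make possible.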

Impact

This allows an attacker to validate their own responses favorably through another address and double collect fees.

Recommendations

Implement KYC

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
