Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Invalid

Incorrect fee calculation in `LLMOracleManager::getFee`

Summary

The LLMOracleManager::getFee function miscalculates buyer agent fees, resulting in higher-than-intended charges.

Vulnerability Details

The LLMOracleManager::getFee function calculates the fee that buyer agents are required to pay when making an Oracle request. The current fee calculation formula is as follows:

```solidity
function getFee(LLMOracleTaskParameters calldata parameters)
    public
    view
    returns (uint256 totalFee, uint256 generatorFee, uint256 validatorFee)
{
    uint256 diff = (2 << uint256(parameters.difficulty));
    generatorFee = diff * generationFee;
    validatorFee = diff * validationFee;
    // >>> line flagged by this submission
    totalFee = platformFee + (parameters.numGenerations * (generatorFee + (parameters.numValidations * validatorFee)));
}
```

The intended fee calculation for the totalFee should be: platformFee + (num of generations * generator fee) + (num of validations * validator fee). However, the current implementation incorrectly multiplies parameters.numGenerations by (generatorFee + (parameters.numValidations * validatorFee)) rather than by generatorFee alone.

Impact

This miscalculation results in buyer agents paying higher fees than intended. If the generationFee and validationFee are set at high values, the additional fees can be considerable.

Tools Used

Manual Review

Recommendations

Update the above formula to:

```solidity
totalFee = platformFee + (parameters.numGenerations * generatorFee) + (parameters.numValidations * validatorFee);
```

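To put numbers on the difference between the formula quoted from `getFee` and the one proposed under Recommendations, the following added example (not code from the submission or from the Swan code base) models both in JavaScript, with BigInt standing in for `uint256`. The fee settings, task parameters and helper names are constructed for illustration.

```javascript
// Model of the two totalFee formulas discussed in this submission.
// BigInt stands in for Solidity's uint256; overflow is not modelled.
// All fee settings and task parameters here are constructed sample values.

// Per-unit fee scaling as in getFee: diff = 2 << difficulty.
function unitFees(cfg, difficulty) {
  const diff = 2n << BigInt(difficulty);
  return { generatorFee: diff * cfg.generationFee, validatorFee: diff * cfg.validationFee };
}

// Formula as written in the quoted getFee body.
function totalFeeAsImplemented(cfg, p) {
  const { generatorFee, validatorFee } = unitFees(cfg, p.difficulty);
  return cfg.platformFee + p.numGenerations * (generatorFee + p.numValidations * validatorFee);
}

// Formula proposed under "Recommendations".
function totalFeeAsRecommended(cfg, p) {
  const { generatorFee, validatorFee } = unitFees(cfg, p.difficulty);
  return cfg.platformFee + p.numGenerations * generatorFee + p.numValidations * validatorFee;
}

// Expanding both expressions gives a closed form for their difference:
// (numGenerations - 1) * numValidations * validatorFee.
function closedFormGap(cfg, p) {
  const { validatorFee } = unitFees(cfg, p.difficulty);
  return (p.numGenerations - 1n) * p.numValidations * validatorFee;
}

// Sweep a parameter grid and count cases where the closed form disagrees
// with the direct difference of the two formulas.
function gapMismatches(cfg, maxDifficulty, maxCount) {
  let mismatches = 0;
  for (let d = 0; d <= maxDifficulty; d++)
    for (let g = 0n; g <= maxCount; g++)
      for (let v = 0n; v <= maxCount; v++) {
        const p = { difficulty: d, numGenerations: g, numValidations: v };
        const direct = totalFeeAsImplemented(cfg, p) - totalFeeAsRecommended(cfg, p);
        if (direct !== closedFormGap(cfg, p)) mismatches++;
      }
  return mismatches;
}

const cfg = { platformFee: 1n, generationFee: 2n, validationFee: 3n };      // constructed
const sample = { difficulty: 1, numGenerations: 2n, numValidations: 3n };  // constructed
console.log(totalFeeAsImplemented(cfg, sample), totalFeeAsRecommended(cfg, sample));
```

The two formulas return the same total whenever `numGenerations` is 1 or `numValidations` is 0; outside those cases they differ by the closed form in the comments.
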
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
