Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

`LevelOne::inSession` is never reset, so the school session never ends once it begins

Summary

This bug occurs because `LevelOne::inSession` is never set back to `false` anywhere in the contract, so the school session never ends once it has started. This is a critical flaw: no new school session can begin, no new students can enroll for new school sessions, and no new teachers can be hired.

Vulnerability Details

1- Navigate to the `test/LeveOnelAndGraduateTest.t.sol` file.

2- Add the following PoC code to the test file:

```solidity
function testIfSessionIsBeingSet() public {
    // Before the session starts, teachers are added and students enrolled successfully.
    _teachersAdded();
    _studentsEnrolled();
    address levelTwo = makeAddr("leveltwo");
    console2.log(
        "Session Status BEFORE statring the Session : ",
        levelOneProxy.getSessionStatus()
    );

    vm.prank(principal);
    levelOneProxy.startSession(70);
    console2.log(
        "Session Status AFTER statring the Session : ",
        levelOneProxy.getSessionStatus()
    );

    vm.warp(block.timestamp + 20 weeks);
    vm.prank(principal);
    levelOneProxy.graduateAndUpgrade(levelTwo, "");
    console2.log(
        "Session Status AFTER Passing 20 Weeks : ",
        levelOneProxy.getSessionStatus()
    );

    // Confirm the 4-week session is over: the clock is now 16 weeks past sessionEnd.
    assert(levelOneProxy.getSessionEnd() + 16 weeks == block.timestamp);

    address student = makeAddr("student");
    usdc.mint(student, schoolFees);
    vm.prank(student);
    vm.expectRevert();
    levelOneProxy.enroll();
    // The student cannot enroll because the contract still reports the session as running.
    assert(levelOneProxy.isStudent(student) == false);

    address teacher = makeAddr("teacher");
    vm.prank(principal);
    vm.expectRevert();
    levelOneProxy.addTeacher(teacher);
    // The principal cannot add a teacher because the contract still reports the session as running.
    assert(levelOneProxy.isTeacher(teacher) == false);

    vm.prank(principal);
    vm.expectRevert();
    levelOneProxy.startSession(70);
    // The principal cannot start a new session because the contract still reports the session as running.
}
```

3- In the command line, run the following command: `forge test --match-test testIfSessionIsBeingSet -vvv`

4- The output will be as follows:

```
Session Status BEFORE statring the Session : false
Session Status AFTER statring the Session : true
Session Status AFTER Passing 20 Weeks : true
Suite result: ok. 1 passed; 0 failed; 0 skipped
```

Impact

The school session will never end, and no new school session can begin (a new session cannot be started while an existing session is running). No new students will be able to enroll for new school sessions and no new teachers can be hired.
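
The flag lifecycle behind this impact, as an added example that is not the Hawk High source: a hypothetical minimal contract in which one `inSession` gate guards both enrollment and session start. It goes slightly beyond the report by also refusing to clear the flag before `sessionEnd`; the contract name, errors, and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Added illustration only: a hypothetical model of the session flag,
/// not the LevelOne contract. All names below are assumptions.
contract SessionFlagModel {
    error NotPrincipal();
    error AlreadyInSession();
    error SessionNotOver();

    address public immutable principal;
    bool public inSession;
    uint256 public sessionEnd;
    mapping(address => bool) public isStudent;

    constructor() {
        principal = msg.sender;
    }

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert NotPrincipal();
        _;
    }

    // One gate guards enrollment and session start, so a stuck flag blocks both.
    modifier notYetInSession() {
        if (inSession) revert AlreadyInSession();
        _;
    }

    function enroll() external notYetInSession {
        isStudent[msg.sender] = true;
    }

    function startSession() external onlyPrincipal notYetInSession {
        sessionEnd = block.timestamp + 4 weeks; // session length taken from the PoC comment
        inSession = true; // with no matching reset, this write is permanent
    }

    // Hardened graduation: reject early calls, then reopen the gate.
    // Removing the last line reproduces the stuck state shown in the PoC output.
    function graduate() external onlyPrincipal {
        if (!inSession || block.timestamp < sessionEnd) revert SessionNotOver();
        inSession = false;
    }
}
```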

Tools Used

  • Manual recon

  • Foundry test suite


Recommendations

In the `LevelOne::graduateAndUpgrade` function, add the following line:

uint256 totalTeachers = listOfTeachers.length;
+ inSession = false;
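
Review bot: the added `inSession = false;` is an unconditional assignment placed right after `totalTeachers` is read, with no check that the session has actually ended. The PoC only exercises the call 16 weeks after the value returned by `getSessionEnd()`, and the judge's tag on this finding says `graduateAndUpgrade()` already succeeds before the session has ended, so with this change alone the principal could close a running session early. Suggest reverting while `block.timestamp` is below the stored session end before clearing the flag, and extending the test to assert that `getSessionStatus()` returns false after graduation.
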
Updates

Lead Judging Commences

yeahchibyke Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

can graduate without session end

`graduateAndUpgrade()` can be called successfully even when the school session has not ended
