Submission Details
Severity:
Review Count Not Tracked leading to students getting unlimited reviews
Summary
A critical vulnerability allows teachers to bypass review limits, enabling infinite review for students due to non increase in review counts.
Vulnerability Details
giveReview() function, The contract fails to increment reviewCount[_student] after each review, rendering the 5-review limit ineffective:
function giveReview(address _student, bool review) public onlyTeacher {
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
// Missing reviewCount increment
require(reviewCount[_student] < 5, "Student review count exceeded!!!");
require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
if (!review) {
studentScore[_student] -= 10;
}
// Update last review time
lastReviewTime[_student] = block.timestamp;
emit ReviewGiven(_student, review, studentScore[_student]);
}
Impact
🚨 System violates core "5-review" business rule
🚨 Unlimited reviews
Tools Used
Manual code analysis
Recommendations
increase review count for the student after each review
Updates
Lead Judging Commences
yeahchibyke about 1 month ago
Submission Judgement Published Assigned finding tags:
reviewCount not updated
`reviewCount` for students is not updated after each review session
yeahchibyke about 1 month ago
Submission Judgement Published Assigned finding tags:
reviewCount not updated
`reviewCount` for students is not updated after each review session
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.