Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

Review Count Not Tracked leading to students getting unlimited reviews

Summary

A critical vulnerability allows teachers to bypass review limits, enabling infinite reviews for students because the review count is never incremented.

Vulnerability Details

In the `giveReview()` function, the contract fails to increment `reviewCount[_student]` after each review, rendering the 5-review limit ineffective:

    function giveReview(address _student, bool review) public onlyTeacher {
        if (!isStudent[_student]) {
            revert HH__StudentDoesNotExist();
        }
        // Missing reviewCount increment
        require(reviewCount[_student] < 5, "Student review count exceeded!!!");
        require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
        if (!review) {
            studentScore[_student] -= 10;
        }
        // Update last review time
        lastReviewTime[_student] = block.timestamp;
        emit ReviewGiven(_student, review, studentScore[_student]);
    }

Impact

  • 🚨 System violates core "5-review" business rule

  • 🚨 Unlimited reviews

Tools Used

  • Manual code analysis

Recommendations

Increment the review count for the student after each review.
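
The recommendation above, written out as an added example with a Foundry regression test; this is not code from the submission or from the Hawk High project. It assumes forge-std is installed, and the contract name `ReviewLimitFixed`, its constructor, the starting score of 100, the one-week `reviewTime`, the inline teacher check and the event signature are all constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Minimal stand-in constructed for this example; not the audited contract.
contract ReviewLimitFixed {
    error HH__StudentDoesNotExist();
    event ReviewGiven(address student, bool review, uint256 score); // assumed signature
    uint256 public constant reviewTime = 1 weeks; // assumed from the revert message
    address public teacher;
    mapping(address => bool) public isStudent;
    mapping(address => uint256) public studentScore;
    mapping(address => uint256) public reviewCount;
    mapping(address => uint256) public lastReviewTime;

    constructor(address _student) {
        teacher = msg.sender;
        isStudent[_student] = true;
        studentScore[_student] = 100; // assumed starting score
    }

    function giveReview(address _student, bool review) public {
        require(msg.sender == teacher, "not teacher"); // stands in for onlyTeacher
        if (!isStudent[_student]) revert HH__StudentDoesNotExist();
        require(reviewCount[_student] < 5, "Student review count exceeded!!!");
        require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
        if (!review) studentScore[_student] -= 10;
        reviewCount[_student] += 1; // the increment the finding reports as missing
        lastReviewTime[_student] = block.timestamp;
        emit ReviewGiven(_student, review, studentScore[_student]);
    }
}

contract ReviewLimitTest is Test {
    function test_sixthReviewReverts() public {
        address student = address(0xBEEF);
        ReviewLimitFixed school = new ReviewLimitFixed(student); // test contract is the teacher
        uint256 t = block.timestamp;
        for (uint256 i = 0; i < 5; i++) {
            t += 1 weeks;
            vm.warp(t); // satisfy the once-per-week check
            school.giveReview(student, false);
        }
        assertEq(school.reviewCount(student), 5);
        assertEq(school.studentScore(student), 50);
        vm.warp(t + 1 weeks);
        vm.expectRevert(bytes("Student review count exceeded!!!"));
        school.giveReview(student, false);
    }
}
```

Run against the original function, the same test fails at the `reviewCount` assertion and the sixth call does not revert, which makes it a usable regression check for the fix.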

Updates

Lead Judging Commences

yeahchibyke Lead Judge 15 days ago
Submission Judgement Published
Validated
Assigned finding tags:

reviewCount not updated

`reviewCount` for students is not updated after each review session
