Submission Details
Severity:
Review Count Not Tracked leading to students getting unlimited reviews
Summary
A critical vulnerability allows teachers to bypass review limits, enabling infinite review for students due to non increase in review counts.
Vulnerability Details
giveReview() function, The contract fails to increment reviewCount[_student] after each review, rendering the 5-review limit ineffective:
function giveReview(address _student, bool review) public onlyTeacher {
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
// Missing reviewCount increment
require(reviewCount[_student] < 5, "Student review count exceeded!!!");
require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
if (!review) {
studentScore[_student] -= 10;
}
// Update last review time
lastReviewTime[_student] = block.timestamp;
emit ReviewGiven(_student, review, studentScore[_student]);
}
Impact
🚨 System violates core "5-review" business rule
🚨 Unlimited reviews
Tools Used
Manual code analysis
Recommendations
increase review count for the student after each review
Updates
Lead Judging Commences
yeahchibyke 15 days ago
Submission Judgement Published Assigned finding tags:
reviewCount not updated
`reviewCount` for students is not updated after each review session
yeahchibyke 15 days ago
Submission Judgement Published Assigned finding tags:
reviewCount not updated
`reviewCount` for students is not updated after each review session
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.