Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

giveReview’s reviewCount never bumps → 5-review limit bypass

Summary
In LevelOne.sol the `giveReview` function never increments `reviewCount[_student]`, so the `require(reviewCount[_student] < 5)` check does nothing. Any teacher can spam bad reviews every week and keep knocking 10 points off a student's score forever.

Vulnerability Details
In LevelOne.sol the function giveReview(address _student, bool review) checks require(reviewCount[_student] < 5) but never increments reviewCount[_student]. Because that counter stays at zero, the limit of 5 reviews is never enforced and a teacher can call giveReview indefinitely, draining a student’s score by 10 points each time.

Impact
A whitelisted teacher can bypass the five-review limit and continuously drain a student’s score by 10 points each week, effectively sabotaging the student’s progress and causing a DoS-like scenario. This breaks the intended business rule and is of medium severity.

Tools Used
Manual code inspection, Slither automated analysis.

Recommendations

  • In giveReview, right after updating lastReviewTime add reviewCount[_student] += 1 so the 5-review limit is actually enforced.

  • Write unit tests that fast-forward time and verify a sixth call to giveReview reverts as expected.

  • Automate your security checks by integrating Slither into your CI pipeline to catch missing state updates early.
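The fix from the first recommendation and the regression test from the second, written as an added example (this is not LevelOne's code). Only `reviewCount`, `lastReviewTime`, the 5-review cap, the 10-point penalty and the weekly cadence come from the finding; the `teachers` whitelist, `studentScore` mapping, `enroll` helper, constant names and revert strings are assumed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Stand-in for the giveReview flow described above; only reviewCount, lastReviewTime
// and the 5-review / 10-point / weekly rule come from the finding, the rest is assumed.
contract ReviewLimitExample {
    uint256 public constant MAX_REVIEWS = 5;
    uint256 public constant REVIEW_PENALTY = 10;
    uint256 public constant REVIEW_INTERVAL = 1 weeks;
    mapping(address => bool) public teachers;        // assumed teacher whitelist
    mapping(address => uint256) public studentScore; // assumed score storage
    mapping(address => uint256) public reviewCount;
    mapping(address => uint256) public lastReviewTime;
    constructor() { teachers[msg.sender] = true; }
    function enroll(address student, uint256 score) external { studentScore[student] = score; }

    function giveReview(address _student, bool review) external {
        require(teachers[msg.sender], "not a teacher");
        require(reviewCount[_student] < MAX_REVIEWS, "student already reviewed 5 times");
        require(block.timestamp >= lastReviewTime[_student] + REVIEW_INTERVAL, "one review per week");
        lastReviewTime[_student] = block.timestamp;
        // FIX: the vulnerable version never writes reviewCount, so the require above
        // can never fail. Bumping it here makes the limit real.
        reviewCount[_student] += 1;
        if (!review) studentScore[_student] -= REVIEW_PENALTY; // checked math reverts on underflow
    }
}

// Foundry test for the second recommendation: five reviews succeed, the sixth reverts.
contract ReviewLimitTest is Test {
    ReviewLimitExample lvl;
    address student = makeAddr("student");
    function setUp() public {
        lvl = new ReviewLimitExample();
        lvl.enroll(student, 100);
    }
    function test_sixthReviewReverts() public {
        for (uint256 i = 0; i < 5; i++) {
            vm.warp(block.timestamp + 1 weeks);
            lvl.giveReview(student, false);
        }
        assertEq(lvl.reviewCount(student), 5);
        assertEq(lvl.studentScore(student), 50);
        vm.warp(block.timestamp + 1 weeks);
        vm.expectRevert(bytes("student already reviewed 5 times"));
        lvl.giveReview(student, false);
    }
}
```

Run with `forge test --match-test test_sixthReviewReverts`; if the `reviewCount[_student] += 1` line is removed, the final `expectRevert` fails and the score keeps falling past 50, which is exactly the bypass the finding describes.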

Updates

Lead Judging Commences

yeahchibyke Lead Judge 17 days ago
Submission Judgement Published
Validated
Assigned finding tags:

reviewCount not updated

`reviewCount` for students is not updated after each review session

