Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

giveReview’s reviewCount never bumps → 5-review limit bypass

Summary
In LevelOne.sol the `giveReview` function never increments `reviewCount[_student]`, so the `require(reviewCount[_student] < 5)` check does nothing. Any teacher can spam bad reviews every week and keep knocking 10 points off a student’s score forever.

Vulnerability Details
In LevelOne.sol the function `giveReview(address _student, bool review)` checks `require(reviewCount[_student] < 5)` but never increments `reviewCount[_student]`. Because that counter stays at zero, the limit of 5 reviews is never enforced and a teacher can call `giveReview` indefinitely, draining a student’s score by 10 points each time.

Impact
A whitelisted teacher can bypass the five-review limit and continuously drain a student’s score by 10 points each week, effectively sabotaging the student’s progress and causing a DoS-like scenario. This breaks the intended business rule and is of medium severity.

Tools Used
Manual code inspection, Slither automated analysis.

Recommendations

• In `giveReview`, right after updating `lastReviewTime`, add `reviewCount[_student] += 1` so the 5-review limit is actually enforced.

• Write unit tests that fast-forward time and verify that a sixth call to `giveReview` reverts as expected.

• Automate security checks by integrating Slither into the CI pipeline to catch missing state updates early.
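A reduced Solidity model of the missing increment next to the corrected version, followed by the time-warping unit test the recommendations call for. This is an added example written for this page, not the Hawk High LevelOne.sol source; it assumes Foundry's forge-std, a 100-point starting score, a one-week cooldown tracked through `lastReviewTime`, and omits the teacher whitelist.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol"; // Foundry test library, assumed installed

// Reduced model of the bug, not the Hawk High LevelOne.sol source. Teacher
// whitelisting is omitted; names other than giveReview, reviewCount and
// lastReviewTime are assumptions.
contract ReviewLimitDemo {
    mapping(address => uint256) public studentScore;
    mapping(address => uint256) public reviewCount;
    mapping(address => uint256) public lastReviewTime;
    function enroll(address student) external { studentScore[student] = 100; } // assumed score

    function _review(address _student, bool review) internal {
        require(reviewCount[_student] < 5, "student review count exceeded");
        require(block.timestamp >= lastReviewTime[_student] + 1 weeks, "one review per week");
        if (!review) studentScore[_student] -= 10;
        lastReviewTime[_student] = block.timestamp;
    }

    // Vulnerable shape: the limit is checked but the counter never moves,
    // so reviewCount[_student] stays 0 and the require always passes.
    function giveReviewVulnerable(address _student, bool review) external {
        _review(_student, review);
        // missing: reviewCount[_student] += 1;
    }

    // Fixed shape: bump the counter right after lastReviewTime is updated.
    function giveReviewFixed(address _student, bool review) external {
        _review(_student, review);
        reviewCount[_student] += 1;
    }
}

// The unit test from the recommendations: fast-forward a week per call and
// check that the sixth review reverts once the counter is maintained.
contract ReviewLimitTest is Test {
    ReviewLimitDemo demo;
    address student = address(0xBEEF); // constructed address
    function setUp() public { demo = new ReviewLimitDemo(); demo.enroll(student); }
    function test_SixthReviewReverts() public {
        for (uint256 i = 0; i < 5; i++) {
            vm.warp(block.timestamp + 1 weeks);
            demo.giveReviewFixed(student, false);
        }
        vm.warp(block.timestamp + 1 weeks);
        vm.expectRevert(bytes("student review count exceeded"));
        demo.giveReviewFixed(student, false);
        assertEq(demo.studentScore(student), 50);
    }
}
```

Swapping `giveReviewFixed` for `giveReviewVulnerable` in the test makes the sixth call succeed and the test fail, which is the regression the missing increment causes.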

Updates

Lead Judging Commences

yeahchibyke Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

reviewCount not updated

`reviewCount` for students is not updated after each review session

