Summary
In LevelOne.sol the 'giveReview function never increments 'reviewCount[_student]`, so the 'require(reviewCount <5)' check does nothing. Any teacher can spam bad reviews every week and keep knocking 10 points off a student’s score forever. reviewCount[_student]`

Vulnerability Details
In LevelOne.sol the function giveReview(address _student, bool review) checks require(reviewCount[_student] < 5) but never increments reviewCount[_student]. Because that counter stays at zero, the limit of 5 reviews is never enforced and a teacher can call giveReview indefinitely, draining a student’s score by 10 points each time.

Impact
A whitelisted teacher can bypass the five-review limit and continuously drain a student’s score by 10 points each week, effectively sabotaging the student’s progress and causing a DoS-like scenario. This breaks the intended business rule and is of medium severity.

Tools Used
Manual code inspection, Slither automated analysis.

Recommendations:

• In giveReview, right after updating lastReviewTime add reviewCount[_student] += 1 so the 5-review limit is actually enforced.

• Write unit tests that fast-forward time and verify a sixth call to giveReview reverts as expected.

• Automate your security checks by integrating Slither into your CI pipeline to catch missing state updates early.