Hawk High

First Flight #39
Beginner Friendly, Solidity
Submission Details
Impact: medium
Likelihood: medium
Invalid

Off-by-One Error in Review Count Limit

Summary:

The giveReview function uses reviewCount[_student] < 5 to limit the number of reviews a student can receive. However, since reviewCount starts at zero and increments by one for each review, this check allows only 4 reviews instead of 5, violating the documented requirement that each student must receive 4 reviews per session.

Vulnerability Details:

require(reviewCount[_student] < 5, "Student review count exceeded!");

when,

  1. reviewCount[_student] < 5 => 0 < 5 => 1 review => reviewCount[_student] += 1 => reviewCount[_student] = 1

  2. reviewCount[_student] < 5 => 1 < 5 => 2 review => reviewCount[_student] += 1 => reviewCount[_student] = 2

  3. reviewCount[_student] < 5 => 2 < 5 => 3 review => reviewCount[_student] += 1 => reviewCount[_student] = 3

  4. reviewCount[_student] < 5 => 3 < 5 => 4 review => reviewCount[_student] += 1 => reviewCount[_student] = 4

  5. reviewCount[_student] < 5 => 4 < 5 => 5 review can be added => reviewCount[_student] += 1 => reviewCount[_student] = 5

Impact:

Extra review can be added to the student.

Tools Used: Manual Review

Recommendations:

require(reviewCount[_student] < 4, "Student review count exceeded!");
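A boundary check for the two bounds discussed above, added here as an example and not part of the submission or of the Hawk High code base. Only the require line is taken from the page; the ReviewGate and BoundaryCheck contracts, the sample address, and the increment after each accepted review (as described in the walkthrough) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed model, not the Hawk High contract. Only the require line
/// is quoted from the page; the increment is an assumption taken from
/// the submission's walkthrough.
contract ReviewGate {
    uint256 public immutable bound; // 5 = quoted check, 4 = recommended check
    mapping(address => uint256) public reviewCount;

    constructor(uint256 _bound) {
        bound = _bound;
    }

    function giveReview(address _student) external {
        require(reviewCount[_student] < bound, "Student review count exceeded!");
        reviewCount[_student] += 1; // assumed: one increment per accepted review
    }
}

/// Hypothetical harness: calls giveReview until it reverts and reports
/// how many reviews the gate accepted for a single student.
contract BoundaryCheck {
    function acceptedReviews(uint256 _bound) public returns (uint256 accepted) {
        ReviewGate gate = new ReviewGate(_bound);
        address student = address(uint160(0xBEEF)); // constructed sample address
        for (uint256 i = 0; i < 10; i++) {
            try gate.giveReview(student) {
                accepted++;
            } catch {
                break; // first revert marks the effective limit
            }
        }
    }

    function check() external {
        // A strict `< N` gate on a zero-based counter admits exactly N calls.
        require(acceptedReviews(5) == 5, "bound 5 should admit 5 reviews");
        require(acceptedReviews(4) == 4, "bound 4 should admit 4 reviews");
    }
}
```

Deploying BoundaryCheck and calling check() succeeds only if each bound admits exactly as many reviews as its value, which is the property a limit test for this kind of counter should pin down.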

Updates

Lead Judging Commences

yeahchibyke Lead Judge 20 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
