Summary

The graduateAndUpgrade function allows the principal to upgrade the contract without ensuring all students have received the required 4 reviews (one per week). This violates the critical invariant that system upgrades should only occur after all students have completed their review process.

Vulnerability Details

The graduateAndUpgrade function permits the principal to upgrade the contract without validating that all students have received the mandatory 4 reviews (one per week). This breaks the protocol’s critical invariant, which requires that system upgrades occur only after all students complete their review process.

The vulnerability stems from two key issues:

1. Missing Review Completion Checks:

   • The graduateAndUpgrade function does not verify that each student’s reviewCount equals 4.

   • Example: A student with only 2 reviews (due to incomplete evaluations) can still graduate if the principal triggers an upgrade.

2. None Increment of reviewCount

   during function giveReview(address _student, bool review)the function does not increment the review count of the student being reviewd thus there is no way to verify that a student review count has met the threshold during upgrade

Impact

• Unfair Graduation: Students may graduate without receiving adequate evaluations, undermining the protocol's integrity.

Tools Used

• Manual code review focused on access control and state transitions.

Recommendations

1. Enforce Review Completion check in graduateAndUpgrade

2. make sure that reviewCount is incremented when teachers give out review to student