Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: medium
Likelihood: medium
Invalid

Unprotected graduate() Function

mustaphaabdulaziz00

Summary

https://github.com/CodeHawks-Contests/2025-05-hawk-high/blob/3a7251910c31739505a8699c7a0fc1b7de2c30b5/src/LevelTwo.sol#L28

The LevelTwo smart contract defines a graduate() function that is publicly accessible and uses the reinitializer(2) modifier. However, the function lacks access control and internal safeguards, making it vulnerable to unauthorized execution. While the function is currently empty, its structure and naming imply that it is intended for use during a future upgrade or state transition (e.g., advancing students, distributing bursaries).

Without appropriate protection, this function may become an attack vector during future upgrades.

Vulnerability Details

Function: graduate()

Access: public

Modifier: reinitializer(2)

Issue: Anyone can call graduate() at any time, potentially triggering sensitive upgrade logic when implemented in the future.

function graduate() public reinitializer(2) {}

Impact

A malicious actor could block upgrade or state transitions by front-running the graduate() call

Tools Used

Manual

Recommendations

Updates

Lead Judging Commences

yeahchibyke Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
yeahchibyke Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.