Submission Details
Severity:
[EVMN-HH01] Missing Review Count Increment
Summary
Missing Review Count Increment
Vulnerability Details
The giveReview function checks if a student has received fewer than 5 reviews but never increments the counter. This means a student could receive unlimited reviews, completely bypassing the review limit check.
Impact
Severity: High (High Impact, High Likelihood)
Tools Used
Recommendations
Recommendation: Add the missing increment of the review count:
function giveReview(address _student, bool review) public onlyTeacher {
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
require(reviewCount[_student] < 5, "Student review count exceeded!!!");
require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
// where `false` is a bad review and true is a good review
if (!review) {
studentScore[_student] -= 10;
}
// Update last review time and increment review count
lastReviewTime[_student] = block.timestamp;
reviewCount[_student] += 1;
emit ReviewGiven(_student, review, studentScore[_student]);
}
Updates
Lead Judging Commences
yeahchibyke 18 days ago
Submission Judgement Published Assigned finding tags:
reviewCount not updated
`reviewCount` for students is not updated after each review session
yeahchibyke 18 days ago
Submission Judgement Published Assigned finding tags:
reviewCount not updated
`reviewCount` for students is not updated after each review session
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.