Submission Details
Severity:
[EVMN-HH02] Missing Session End Validation in `graduateAndUpgrade()`
Summary
Missing Session End Validation in graduateAndUpgrade()
Vulnerability Details
According to the provided invariants, system upgrade cannot take place unless the school's sessionEnd has been reached. However, the graduateAndUpgrade() function lacks this validation, allowing premature graduation.
Impact
Severity: High (High Impact, Medium Likelihood)
Tools Used
Manual review
Recommendations
Add a check to ensure the session has ended:
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
if (block.timestamp < sessionEnd) {
revert("Session has not ended yet");
}
uint256 totalTeachers = listOfTeachers.length;
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}
Updates
Lead Judging Commences
yeahchibyke 16 days ago
Submission Judgement Published Assigned finding tags:
can graduate without session end
`graduateAndUpgrade()` can be called successfully even when the school session has not ended
yeahchibyke 16 days ago
Submission Judgement Published Assigned finding tags:
can graduate without session end
`graduateAndUpgrade()` can be called successfully even when the school session has not ended
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.