Submission Details
Severity:
[EVMN-HH09] Incomplete Implementation of Graduate Function in `LevelTwo`
Summary
Incomplete Implementation of Graduate Function in LevelTwo.
Vulnerability Details
The graduate() function in LevelTwo.sol is empty but is marked as a reinitializer. This means the upgrade process is incomplete and would fail to properly migrate state from LevelOne to LevelTwo.
Impact
Critical (High Impact, High Likelihood)
Tools Used
Manual review
Recommendations
Implement the graduate function to properly handle the state transfer:
function graduate(address _principal, uint256 _cutOffScore, address[] calldata _students,
address[] calldata _teachers, address _usdc, uint256 _bursary) public reinitializer(2) {
principal = _principal;
cutOffScore = _cutOffScore;
usdc = IERC20(_usdc);
bursary = _bursary;
// Copy students
for (uint256 i = 0; i < _students.length; i++) {
listOfStudents.push(_students[i]);
isStudent[_students[i]] = true;
}
// Copy teachers
for (uint256 i = 0; i < _teachers.length; i++) {
listOfTeachers.push(_teachers[i]);
isTeacher[_teachers[i]] = true;
}
}
Updates
Lead Judging Commences
yeahchibyke 6 months ago
Submission Judgement Published Assigned finding tags:
cut-off criteria not applied
All students are graduated when the graduation function is called as the cut-off criteria is not applied.
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.