Hawk High

First Flight #39
Beginner Friendly | Solidity
100 EXP
Submission Details
Severity: high
Valid

Missing validation of review count allows premature system upgrade

Description:

The graduateAndUpgrade() function in the LevelOne contract does not verify that all students have received the required number of reviews (4) before allowing the system upgrade:

```solidity
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
    if (_levelTwo == address(0)) {
        revert HH__ZeroAddress();
    }
    uint256 totalTeachers = listOfTeachers.length;
    uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
    _authorizeUpgrade(_levelTwo);
    for (uint256 n = 0; n < totalTeachers; n++) {
        usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
    }
    usdc.safeTransfer(principal, principalPay);
}
```

According to the documentation, there is a strict requirement about system upgrades:

> Students must have gotten all reviews before system upgrade. System upgrade should not occur if any student has not gotten 4 reviews (one for each week)

Impact:

1. The principal can upgrade the system prematurely, before every student has received the required 4 reviews; nothing in the function reads the review state at all.

2. This violates a core invariant of the protocol: students who have not yet received all their weekly reviews are graduated anyway, and the teacher and principal payouts from the bursary go through even though the session's review process was never completed.

Recommended Mitigation:

Add a check to graduateAndUpgrade() that iterates over the enrolled students and reverts if any of them has fewer than 4 reviews. Place the check before _authorizeUpgrade() and before the USDC transfers, so that a premature call reverts with no state changed and no funds moved.
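The following is an added illustration of that guard, not the Hawk High code or the project's own fix. It keeps only the pieces graduateAndUpgrade() touches; `listOfStudents`, `reviewCount`, `REQUIRED_REVIEWS`, the error `HH__StudentNotFullyReviewed`, the `onlyPrincipal` body and the empty `_authorizeUpgrade` stand-in for the UUPS hook are all assumptions made here so the contract compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Added example, not the Hawk High LevelOne contract. Names marked "assumed"
/// are not taken from the report and exist only to make the guard compile.
contract LevelOneGuardExample {
    using SafeERC20 for IERC20;

    uint256 public constant TEACHER_WAGE = 35;
    uint256 public constant PRINCIPAL_WAGE = 5;
    uint256 public constant PRECISION = 100;
    uint256 public constant REQUIRED_REVIEWS = 4; // one review per week, per the docs (assumed name)

    error HH__ZeroAddress();
    error HH__NotPrincipal();                                           // assumed name
    error HH__StudentNotFullyReviewed(address student, uint256 reviews); // assumed name

    address public principal;
    uint256 public bursary;
    IERC20 public usdc;
    address[] internal listOfStudents;                // assumed name
    address[] internal listOfTeachers;
    mapping(address => uint256) internal reviewCount; // assumed name

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert HH__NotPrincipal();
        _;
    }

    constructor(address _usdc, address[] memory _students, address[] memory _teachers) {
        principal = msg.sender;
        usdc = IERC20(_usdc);
        listOfStudents = _students;
        listOfTeachers = _teachers;
    }

    /// Stand-in for however the real contract records a review; it only
    /// exists so reviewCount can be driven in a test.
    function giveReview(address _student) external {
        reviewCount[_student] += 1;
    }

    /// Reverts on the first student who has fewer than REQUIRED_REVIEWS reviews.
    /// Reverting (rather than returning a bool) is deliberate: the caller cannot
    /// forget to check the result, and the revert names the offending student.
    function _requireAllStudentsReviewed() internal view {
        uint256 totalStudents = listOfStudents.length;
        for (uint256 i = 0; i < totalStudents; i++) {
            address student = listOfStudents[i];
            uint256 reviews = reviewCount[student];
            if (reviews < REQUIRED_REVIEWS) {
                revert HH__StudentNotFullyReviewed(student, reviews);
            }
        }
    }

    function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
        if (_levelTwo == address(0)) {
            revert HH__ZeroAddress();
        }
        // The invariant check runs before the upgrade is authorized and before any
        // USDC leaves the bursary, so a premature call reverts with nothing changed.
        _requireAllStudentsReviewed();

        uint256 totalTeachers = listOfTeachers.length;
        uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
        uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
        _authorizeUpgrade(_levelTwo);
        for (uint256 n = 0; n < totalTeachers; n++) {
            usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
        }
        usdc.safeTransfer(principal, principalPay);
    }

    /// Stand-in for the UUPSUpgradeable hook; the real contract inherits it.
    function _authorizeUpgrade(address) internal view onlyPrincipal {}
}
```

With this in place, a call to graduateAndUpgrade() while any enrolled student still has three or fewer reviews reverts with HH__StudentNotFullyReviewed(student, reviews) before the upgrade is authorized or a single USDC transfer happens. The same loop over listOfStudents is also the natural place to apply the cut-off score that the judging note says is not enforced, since both conditions have to hold for every student before graduation.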

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.
