Hawk High

First Flight #39
Beginner Friendly, Solidity
Submission Details
Severity: low
Valid

Missing session end validation allows premature system upgrade

Description:

The graduateAndUpgrade() function in the LevelOne contract does not verify that the current time has reached or exceeded the sessionEnd value before allowing the system upgrade. According to the protocol's invariants, a system upgrade should not take place unless the school's sessionEnd has been reached.

```solidity
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
    if (_levelTwo == address(0)) {
        revert HH__ZeroAddress();
    }
    // Missing check: require(block.timestamp >= sessionEnd, "Session not ended yet");
    uint256 totalTeachers = listOfTeachers.length;
    uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
    _authorizeUpgrade(_levelTwo);
    // ... rest of the function
}
```

This oversight allows the principal to upgrade the system at any time, even in the middle of an ongoing school session.

Impact:

  • The principal can prematurely upgrade the system before the 4-week session has completed

  • Students may not receive all their required reviews before the upgrade

  • The educational process can be cut short, violating the core protocol invariant that "A school session lasts 4 weeks"

  • Wages might be distributed before the full session's work has been completed

Recommended Mitigation:

Add a check at the beginning of the graduateAndUpgrade function to ensure the session has ended.
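One way to write that check, as an added sketch that is not part of the original submission or the Hawk High code base. The contract name `SessionGateSketch`, the `startSession` function, the `upgraded` flag and every error name except `HH__ZeroAddress` are hypothetical, and it assumes `sessionEnd` stays zero until a session is started, which is why the guard rejects that case as well.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the Hawk High source. SessionGateSketch, startSession,
// the upgraded flag and the new error names are hypothetical stand-ins.
contract SessionGateSketch {
    error HH__ZeroAddress();
    error HH__NotPrincipal();
    error HH__SessionNotStarted();
    error HH__SessionNotEnded(uint256 currentTime, uint256 sessionEnd);

    address public immutable principal;
    uint256 public sessionEnd; // zero until a session is started (assumption)
    bool public upgraded;      // stands in for the real upgrade side effects

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert HH__NotPrincipal();
        _;
    }

    // Enforces the invariant: no upgrade until sessionEnd has been reached.
    modifier sessionOver() {
        // An unset sessionEnd is 0, so a bare `block.timestamp >= sessionEnd`
        // would pass before any session exists; reject that case explicitly.
        if (sessionEnd == 0) revert HH__SessionNotStarted();
        if (block.timestamp < sessionEnd) {
            revert HH__SessionNotEnded(block.timestamp, sessionEnd);
        }
        _;
    }

    constructor() {
        principal = msg.sender;
    }

    function startSession() external onlyPrincipal {
        sessionEnd = block.timestamp + 4 weeks; // "A school session lasts 4 weeks"
    }

    function graduateAndUpgrade(address _levelTwo, bytes memory)
        public
        onlyPrincipal
        sessionOver
    {
        if (_levelTwo == address(0)) revert HH__ZeroAddress();
        // Wage calculation, payouts and _authorizeUpgrade(_levelTwo) would follow here.
        upgraded = true;
    }
}
```

Because the guard is a modifier, it runs before the function body, so a premature call reverts before any wage calculation or upgrade authorization takes place.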

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

can graduate without session end

`graduateAndUpgrade()` can be called successfully even when the school session has not ended
