Medium: LevelOne::graduateAndUpgrade — Missing `sessionEnd` check allows premature upgrade
Description
LevelOne::graduateAndUpgrade() may be called at any moment after startSession() because the function never verifies that the 4‑week session has actually finished.
The intended invariant “System upgrade cannot take place unless the school’s sessionEnd has been reached” is therefore unenforced.
Impact
The principal can upgrade the proxy contract and trigger all graduation side‑effects weeks early, before the 4 week session length has passed.
Severity = Medium: a single transaction from the principal is enough to violate the core time‑based restriction of the protocol. Assumption: Principal is trusted.
Proof of Concepts
Add to LevelOneAndGraduateTest.t.sol and run forge test --match-test test_graduateBefore_sessionEnd() -vvv ⇒ The test will pass, proving that the upgrade can be executed while block.timestamp < sessionEnd.
Recommended mitigation
Insert an explicit time‑lock at the very start of graduateAndUpgrade():
or, if you prefer a modifier:
This single guard enforces the 4‑week duration and restores the intended invariant.
Lead Judging Commences
can graduate without session end
`graduateAndUpgrade()` can be called successfully even when the school session has not ended
can graduate without session end
`graduateAndUpgrade()` can be called successfully even when the school session has not ended
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.