The giveReview function restricts each student to receiving a maximum of 5 reviews. However, the code does not increment the reviewCount after a review is submitted, making the restriction ineffective and allowing unlimited reviews.
The relevant check:
```solidity
require(reviewCount[_student] < 5, "Student review count exceeded!!!");
```
is supposed to limit a student to 5 reviews. However, reviewCount[_student] is never updated in the function, so it stays at its initial value (0 by default for a mapping entry). As a result, the condition always passes, and the function can be called repeatedly without restriction.
Missing logic:
```solidity
reviewCount[_student] += 1;
```
This oversight completely bypasses the intended limitation and weakens the review system.
Logic flaw: The intended 5-review cap is meaningless and never enforced.
Student abuse: A teacher could repeatedly review (and penalize) the same student, especially with bad reviews.
Score manipulation: A malicious teacher can reduce a student’s score significantly beyond intended design.
Manual code inspection and logic tracing.
Increment the review count after a review is submitted:
```solidity
reviewCount[_student] += 1;
```
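To show where the increment sits relative to the check and the score change, here is a minimal contract added as an example; it is not the audited contract's code. Only `giveReview`, `reviewCount`, `_student` and the revert message come from the finding; the contract name, `teacher`, `score`, `enroll`, the `good` flag and the penalty size are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not the audited contract. Everything except giveReview,
// reviewCount and _student is an assumed name.
contract ReviewCapExample {
    uint256 public constant MAX_REVIEWS = 5;         // cap stated in the finding
    uint256 public constant BAD_REVIEW_PENALTY = 10; // assumed penalty size

    address public immutable teacher;                // assumed single reviewer role
    mapping(address => uint256) public reviewCount;
    mapping(address => uint256) public score;        // assumed score storage

    constructor() {
        teacher = msg.sender;
    }

    // Assumed enrolment helper so the example has a score to protect.
    function enroll(address _student) external {
        require(msg.sender == teacher, "Not teacher");
        score[_student] = 100;
    }

    function giveReview(address _student, bool good) external {
        require(msg.sender == teacher, "Not teacher");
        require(reviewCount[_student] < MAX_REVIEWS, "Student review count exceeded!!!");

        // The fix: record the review before applying its effect, so the
        // sixth call for the same student fails the check above.
        reviewCount[_student] += 1;

        if (!good) {
            uint256 s = score[_student];
            score[_student] = s > BAD_REVIEW_PENALTY ? s - BAD_REVIEW_PENALTY : 0;
        }
    }

    // Worst-case score loss once the cap is enforced: cap * penalty.
    function maxPenalty() external pure returns (uint256) {
        return MAX_REVIEWS * BAD_REVIEW_PENALTY;
    }
}
```

A regression test for the fix should call `giveReview` five times for one student, assert that `reviewCount` for that student equals 5, and expect the sixth call to revert with the "Student review count exceeded!!!" message.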
`reviewCount` for students is not updated after each review session