Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

notYetInSession Modifier Not Implemented in graduateAndUpgrade Function

avalance

Summary

The graduateAndUpgrade function allows the system upgrade to take place without verifying if the school session has ended, even though the protocol requires the notYetInSession modifier to prevent upgrades during an active session. This modifier is not being used in the graduateAndUpgrade function, which could lead to upgrades occurring during an ongoing session.

Vulnerability Details

The notYetInSession modifier is already defined in the contract:

modifier notYetInSession() {
if (inSession == true) {
revert HH__AlreadyInSession();
}
_;
}

This modifier is intended to prevent upgrades when the system is still in session.

However, it is not applied in the graduateAndUpgrade function, which allows the upgrade to proceed regardless of the session state. As a result, the upgrade can be triggered during an active session, violating the intended protocol rule.

Impact

  • The protocol’s integrity is compromised if upgrades occur during an ongoing session.

  • Students may be upgraded before the session has ended, which could allow premature changes or access to new functionalities.

  • This could lead to unintended behavior or exploits if the upgrade logic is not correctly gated by the session state.

Recommendations

function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal notYetInSession {
...
}
Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

can graduate without session end

`graduateAndUpgrade()` can be called successfully even when the school session has not ended

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.