Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

LevelOne::graduateAndUpgrade can occur even if the session has not ended

Summary

A system upgrade via the function graduateAndUpgrade can occur even if the session has not ended, breaking an invariant.

Vulnerability Details

The function LevelOne::graduateAndUpgrade does not check whether the session has ended.

This means that the upgrade can occur while the session is still ongoing, breaking the invariant.

Impact

VERY HIGH: it causes an important invariant break, and its likelihood is high too.

Tools Used

Manual review

Recommendations

Consider adding a check in the function LevelOne::graduateAndUpgrade that reverts if the session has not ended yet, and set LevelOne::inSession to false so that the session is considered ended.

Proof Of Code:

function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
+ require((block.timestamp >= sessionEnd), "Session has not ended yet");
+ inSession = false;
uint256 totalTeachers = listOfTeachers.length;
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}
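
Review bot: The added `require((block.timestamp >= sessionEnd), "Session has not ended yet");` reverts with a string, while the zero-address check directly above it reverts with the custom error `HH__ZeroAddress()`. For consistency with that existing check, declare a custom error for this case (the name is hypothetical, for example `HH__SessionNotEnded()`) and revert with it. The two added lines should also be covered by tests: one that calls graduateAndUpgrade before sessionEnd and expects the revert, and one that calls it after sessionEnd and checks that inSession is false afterwards.
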
Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

can graduate without session end

`graduateAndUpgrade()` can be called successfully even when the school session has not ended
