`reviewCount[_student]` is not updated when giving a review, leading to allowing more than 4 reviews
Summary
When giving a review, we do not increment reviewCount[_student], so this check will always pass, even if we give 5 or more reviews.
Vulnerability Details
In LevelOne::giveReview, we check if the input student has less than 5 reviewCount[_student]. However, the mapping is never updated in the code, which means this check will always pass even if it's the 5th review.
Impact
The check is useless, and we can give more reviews than intended. Not sure if teachers can be considered malicious, or it can be considered a mistake by the teacher. Moreover, since this mapping is broken, we can't really check if all the students have received 4 reviews, which is essential for the upgrade and graduation. But this is also dependent on principal to update without verifying all the students received their review.
Hence, leaving it as Low-severity.
Tools Used
Manual Review
Recommendations
At the end of LevelOne::giveReview, add a line reviewCount[_student]++
Lead Judging Commences
reviewCount not updated
`reviewCount` for students is not updated after each review session
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.