Hawk High

First Flight #39
Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

[H-2] There is no check for cut off score for students and having required reviews before upgrade

Summary

Two invariants are broken:

  • Students must receive 4 reviews before upgrade

  • Students below cutOffScore should not be upgraded

Neither is enforced in the graduateAndUpgrade function. The protocol never checks whether students have received 4 reviews before graduation or whether they are below cutOffScore, so all students are pushed to level two when the upgrade runs on graduation.

Vulnerability Details

Without a check for cutOffScore, students below the cut-off are still upgraded, and students with fewer than 4 reviews are still upgraded. Secondly, in the giveReview function the teacher gives a review to a student, but reviewCount is never updated. The condition that the student's review count be less than 5 therefore always evaluates to true, and the number of reviews given is not recorded anywhere.

function giveReview(address _student, bool review) public onlyTeacher {
    if (!isStudent[_student]) {
        revert HH__StudentDoesNotExist();
    }
    // reviewCount[_student] is never incremented below, so this check always passes
    require(reviewCount[_student] < 5, "Student review count exceeded!!!");
    require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");

    // where `false` is a bad review and true is a good review
    if (!review) {
        studentScore[_student] -= 10;
    }

    // Update last review time
    lastReviewTime[_student] = block.timestamp;

    emit ReviewGiven(_student, review, studentScore[_student]);
}

Impact

Unfair distribution of students in graduating from level 1 to level 2.

Tools Used

Manual Review

Recommendations

Add checks for the review count and score of each student, and also record the reviews in the giveReview function so that every student's score can be counted.

error HH__NotEnoughReviews();
error HH__StudentDidNotMeetCutOff();

function giveReview(address _student, bool review) public onlyTeacher {
    if (!isStudent[_student]) {
        revert HH__StudentDoesNotExist();
    }
    require(reviewCount[_student] < 4, "Student review count exceeded!!!");
    require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");

    // where `false` is a bad review and true is a good review
    if (!review) {
        studentScore[_student] -= 10;
    }

    // Track the review count
    reviewCount[_student] += 1;

    // Update last review time
    lastReviewTime[_student] = block.timestamp;

    emit ReviewGiven(_student, review, studentScore[_student]);
}

function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
    if (_levelTwo == address(0)) {
        revert HH__ZeroAddress();
    }

    uint256 totalTeachers = listOfTeachers.length;
    uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;

    // Check review count and score for each student
    uint256 studentLength = listOfStudents.length;
    for (uint256 i = 0; i < studentLength; i++) {
        if (reviewCount[listOfStudents[i]] < 4) {
            revert HH__NotEnoughReviews();
        }
        if (studentScore[listOfStudents[i]] < cutOffScore) {
            revert HH__StudentDidNotMeetCutOff();
        }
    }

    _authorizeUpgrade(_levelTwo);

    for (uint256 n = 0; n < totalTeachers; n++) {
        usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
    }
    usdc.safeTransfer(principal, principalPay);
}

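
A reduced model of the two gates, added here as an example and not taken from the Hawk High code base: it keeps the review counter from the recommendation and adds a read-only pre-flight view showing which students would make graduateAndUpgrade revert. The contract name, enroll, eligibility, the starting score of 100 and the omitted access control are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: reduced model, not the audited contract. Access control is omitted,
// the starting score of 100 is assumed, and enroll/eligibility are hypothetical names.
contract ReviewGateModel {
    uint256 public constant REQUIRED_REVIEWS = 4;
    uint256 public constant REVIEW_TIME = 1 weeks;
    uint256 public immutable cutOffScore;
    address[] public listOfStudents;
    mapping(address => bool) public isStudent;
    mapping(address => uint256) public studentScore;
    mapping(address => uint256) public reviewCount;
    mapping(address => uint256) public lastReviewTime;

    constructor(uint256 _cutOffScore) {
        cutOffScore = _cutOffScore;
    }

    function enroll(address student) external {
        require(!isStudent[student], "already enrolled");
        isStudent[student] = true;
        studentScore[student] = 100; // assumed starting score
        listOfStudents.push(student);
    }

    function giveReview(address student, bool review) external {
        require(isStudent[student], "not a student");
        require(reviewCount[student] < REQUIRED_REVIEWS, "review count exceeded");
        require(block.timestamp >= lastReviewTime[student] + REVIEW_TIME, "once per week");
        if (!review) studentScore[student] -= 10;
        reviewCount[student] += 1; // the bookkeeping the finding reports as missing
        lastReviewTime[student] = block.timestamp;
    }

    // Read-only pre-flight: reports, per student, whether each invariant holds.
    function eligibility()
        external
        view
        returns (address[] memory students, bool[] memory reviewed, bool[] memory passed)
    {
        students = listOfStudents;
        reviewed = new bool[](students.length);
        passed = new bool[](students.length);
        for (uint256 i = 0; i < students.length; i++) {
            reviewed[i] = reviewCount[students[i]] >= REQUIRED_REVIEWS;
            passed[i] = studentScore[students[i]] >= cutOffScore;
        }
    }
}
```
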
Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.
