Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Failure to Verify `cutOffScore` for Student Upgrades in `graduateAndUpgrade` Function

mahdi811

Summary

The graduateAndUpgrade function in LevelOne.sol does not verify whether students meet the cutOffScore before upgrading the system, allowing unqualified students to be upgraded to LevelTwo, violating the project's invariant.

Vulnerability Details

According to the project invariants, any student who does not meet the cutOffScore should not be upgraded to the next level when the system transitions to LevelTwo. However, the graduateAndUpgrade function lacks any logic to check studentScore[_student] >= cutOffScore for students in listOfStudents. This allows all students, including those with scores below cutOffScore, to potentially be included in the upgrade process.

Relevant code in graduateAndUpgrade:

function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {

if (_levelTwo == address(0)) {

revert HH__ZeroAddress();

}

uint256 totalTeachers = listOfTeachers.length;

uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;

uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;

_authorizeUpgrade(_levelTwo);

for (uint256 n = 0; n < totalTeachers; n++) {

usdc.safeTransfer(listOfTeachers[n], payPerTeacher);

}

usdc.safeTransfer(principal, principalPay);

}

No condition verifies studentScore against cutOffScore, violating the invariant.

Impact

Impact: High
This vulnerability severely disrupts the protocol's core functionality by allowing unqualified students (those with scores below cutOffScore) to be upgraded to LevelTwo. This undermines the project's merit-based graduation system, leading to unfair outcomes and compromising the protocol's integrity. No direct financial loss occurs, but the system's logic is significantly violated.
Likelihood: Medium
Exploitation depends on the principal calling graduateAndUpgrade when some students have scores below cutOffScore, which is feasible during normal operation if reviews result in low scores. The likelihood is moderate, as it requires specific conditions but is not guaranteed.

Tools Used

Manual code analysis

Recommendations

filter eligible students into a new list for LevelTwo to ensure only qualified students are upgraded, which requires additional logic in LevelTwo's initialization.

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.