Hawk High

First Flight #39
Impact: high
Likelihood: high
Invalid

Incomplete Logic in `LevelTwo` Contract

Summary

The LevelTwo.sol contract lacks essential functions required for the Hawk High system to operate after the upgrade from LevelOne, rendering the upgraded system non-functional and violating the project's intent to continue operations seamlessly.

Vulnerability Details

The LevelTwo.sol contract is intended to serve as the upgraded implementation of the Hawk High system after the graduateAndUpgrade function is called in LevelOne.sol. However, it lacks critical functions such as enroll, giveReview, startSession, addTeacher, removeTeacher, expel, and graduateAndUpgrade, which are necessary for core operations (e.g., student enrollment, weekly reviews, session management, and further upgrades). The contract only includes a minimal graduate function with reinitializer(2) and a few getter functions, making it incapable of supporting the system's functionality post-upgrade.

Relevant code in LevelTwo.sol:

    function graduate() public reinitializer(2) {}

The absence of operational logic contrasts with LevelOne.sol, which contains a complete set of functions for managing the school system.

Impact

  • Impact: High
    This vulnerability causes a severe disruption of protocol functionality, as the upgraded LevelTwo contract cannot perform essential operations, effectively halting the Hawk High system after the upgrade. Students cannot enroll, teachers cannot submit reviews, and the session cannot be managed, rendering the protocol non-functional. While no direct fund loss occurs, the entire system's purpose is compromised.

  • Likelihood: High
    The issue is automatic and inevitable upon upgrading to LevelTwo, as the lack of logic is inherent to the contract's design. It occurs every time the upgrade is executed, requiring no malicious intent.

Tools Used

  • Manual code analysis

Recommendations

Implement all necessary functions in LevelTwo.sol to mirror the functionality of LevelOne.sol, with any intended improvements (e.g., increased teacher wage of 40%). Suggested actions:

  1. Add core functions to LevelTwo.sol, including but not limited to:

    • enroll: To allow new students to join.

    • giveReview: To enable teachers to submit weekly reviews.

    • startSession: To initiate a new 4-week session.

    • addTeacher, removeTeacher, expel: For managing teachers and students.

    • graduateAndUpgrade: To support future upgrades.

  2. Example structure for LevelTwo.sol:

    function enroll() external notYetInSession {
        // Implementation similar to LevelOne.sol
    }

    function giveReview(address _student, bool review) public onlyTeacher {
        // Implementation similar to LevelOne.sol
    }

    function startSession(uint256 _cutOffScore) public onlyPrincipal notYetInSession {
        // Implementation similar to LevelOne.sol
    }
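
A pre-upgrade check for the gap this report describes, as an added example that is not part of the submission or of the Hawk High code base: it diffs the function signatures in two compiler-emitted ABI JSON arrays and lists what the new implementation no longer exposes. The ABI fragments are constructed from the three signatures quoted above plus graduate(); the stateMutability values and all helper names are assumptions.

```python
import json

# Constructed ABI fragments (not the project's real build output). Only the
# signatures quoted in the report appear; stateMutability is assumed.
LEVEL_ONE_ABI = json.loads("""[
  {"type": "function", "name": "enroll", "inputs": [],
   "stateMutability": "nonpayable"},
  {"type": "function", "name": "giveReview", "stateMutability": "nonpayable",
   "inputs": [{"name": "_student", "type": "address"},
              {"name": "review", "type": "bool"}]},
  {"type": "function", "name": "startSession", "stateMutability": "nonpayable",
   "inputs": [{"name": "_cutOffScore", "type": "uint256"}]}
]""")
LEVEL_TWO_ABI = json.loads("""[
  {"type": "function", "name": "graduate", "inputs": [],
   "stateMutability": "nonpayable"}
]""")


def canonical_type(param):
    """Return the ABI type, expanding tuples to '(t1,t2)' and keeping array suffixes."""
    t = param["type"]
    if t.startswith("tuple"):
        inner = ",".join(canonical_type(c) for c in param.get("components", []))
        return f"({inner}){t[len('tuple'):]}"
    return t


def signatures(abi, state_changing_only=False):
    """Collect 'name(type,...)' for every function entry, skipping events and errors."""
    sigs = set()
    for entry in abi:
        if entry.get("type") != "function":
            continue
        if state_changing_only and entry.get("stateMutability") in ("view", "pure"):
            continue
        args = ",".join(canonical_type(p) for p in entry.get("inputs", []))
        sigs.add(f"{entry['name']}({args})")
    return sigs


def dropped_functions(old_abi, new_abi, state_changing_only=False):
    """Signatures callable on the old implementation but absent from the new one."""
    return sorted(signatures(old_abi, state_changing_only) - signatures(new_abi))


if __name__ == "__main__":
    for sig in dropped_functions(LEVEL_ONE_ABI, LEVEL_TWO_ABI):
        print("missing after upgrade:", sig)
```

Whether each dropped signature is intentional is a review decision; the script only makes the difference visible before the upgrade is executed.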

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
