Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Missing review count update in giveReview() blocks graduation and system upgrade

harisuthan5534798

Description

The giveReview() function in level1.sol fails to update the review count for each student when a review is given. This leads to a critical logical flaw where students may receive reviews without incrementing their count, which directly affects whether the system can accurately determine if a student has received all 4 weekly reviews required for graduation.

Impact

1) A student can receive more than 4 reviews without proper tracking, since the review count is not updated.

2) Even if a student receives 4 reviews, the contract may incorrectly assume they haven’t, causing the upgrade process to fail.

Proof of code

The test case testreviewcountnotupdated() was written to verify that the giveReview() function correctly increments the student's review count when a teacher gives a review.

In this test:

  • Two students (student1 and student2) are enrolled.

  • The school session is started by the principal.

  • After 1 week, the teacher alice gives a review to student1.

  • We expect reviewCount(student1) to be 1.

However, when the test runs, the assertion fails because reviewCount(student1) remains 0, indicating that the review count is not being updated inside the giveReview() function

function testreviewcountnotupdated() external{
address student1 = makeAddr("student1");
address student2 = makeAddr("student2");
usdc.mint(student1, schoolFees);
usdc.mint(student2, schoolFees);
vm.startPrank(student1);
usdc.approve(address(levelOneProxy), schoolFees);
levelOneProxy.enroll();
vm.stopPrank();
vm.startPrank(student2);
usdc.approve(address(levelOneProxy), schoolFees);
levelOneProxy.enroll();
vm.stopPrank();
vm.startPrank(principal);
levelOneProxy.addTeacher(alice);
levelOneProxy.addTeacher(bob);
levelOneProxy.startSession(50);
vm.stopPrank();
//The teacher gave a review to Student 1, so the review count for Student 1 should be 1
vm.warp(block.timestamp + 1 weeks);
vm.prank(alice);
levelOneProxy.giveReview(student1, true);
console2.log("student1 review count", levelOneProxy.reviewCount(student1));
console2.log("student2 review count", levelOneProxy.reviewCount(student2));
assert( levelOneProxy.reviewCount(student1) == 1);
}

Test Output :

Ran 1 test for test/LeveOnelAndGraduateTest.t.sol:LevelOneAndGraduateTest
[FAIL: panic: assertion failed (0x01)] testreviewcountnotupdated() (gas: 588735)
Logs:
student1 review count 0
student2 review count 0

Tools Used

1) VS code

2) Manual Review

Recommendations :

update the review count inside the giveReview() function

function giveReview(address _student, bool review) public onlyTeacher {
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
require(reviewCount[_student] < 5, "Student review count exceeded!!!");
require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
// where `false` is a bad review and true is a good review
if (!review) {
studentScore[_student] -= 10;
}
// Update last review time
lastReviewTime[_student] = block.timestamp;
--------->>>>>> reviewCount[_student] += 1;
emit ReviewGiven(_student, review, studentScore[_student]);
}
Updates

Lead Judging Commences

yeahchibyke Lead Judge 18 days ago
Submission Judgement Published
Validated
Assigned finding tags:

reviewCount not updated

`reviewCount` for students is not updated after each review session

yeahchibyke Lead Judge 18 days ago
Submission Judgement Published
Validated
Assigned finding tags:

reviewCount not updated

`reviewCount` for students is not updated after each review session

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.