Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: medium
Likelihood: medium
Invalid

Expelled Students Can Re-enroll Without Restrictions

khalidwalid

Description

The LevelOne contract lacks a mechanism to prevent expelled students from immediately re-enrolling in the school. When a student is expelled through the expel() function, their records are removed from active students, but no blacklisting or cooldown period is implemented to prevent them from calling the enroll() function again.

Vulnerable Code Relationship

Let's examine the relevant functions:

Expel Function:

function expel(address _student) public onlyPrincipal {
if (inSession == false) {
revert();
}
if (_student == address(0)) {
revert HH__ZeroAddress();
}
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
uint256 studentLength = listOfStudents.length;
for (uint256 n = 0; n < studentLength; n++) {
if (listOfStudents[n] == _student) {
listOfStudents[n] = listOfStudents[studentLength - 1];
listOfStudents.pop();
break;
}
}
isStudent[_student] = false;
emit Expelled(_student);
}

Enroll Function:

function enroll() external notYetInSession {
if (isTeacher[msg.sender] || msg.sender == principal) {
revert HH__NotAllowed();
}
if (isStudent[msg.sender]) {
revert HH__StudentExists();
}
usdc.safeTransferFrom(msg.sender, address(this), schoolFees);
listOfStudents.push(msg.sender);
isStudent[msg.sender] = true;
studentScore[msg.sender] = 100;
bursary += schoolFees;
emit Enrolled(msg.sender);
}

Impact

  1. Undermines Disciplinary Actions: The ability to re-enroll defeats the purpose of expulsion as a disciplinary measure, rendering administrative authority ineffective.

  2. Financial Exploitation: An expelled student can re-enroll by paying the school fees again. This creates a scenario where:

    • The school receives additional fees

    • The student gets a reset score of 100

    • The student's previous negative academic history is erased

  3. Gaming the System: Students approaching failing scores can intentionally get expelled (or request expulsion) and then re-enroll to reset their scores to 100, circumventing the academic evaluation system.

  4. Operational Inconsistency: If a student is expelled for serious reasons, allowing immediate re-enrollment creates operational and reputational risks for the school.

Proof of Concept

  1. A student enrolls in the school, paying the school fees

  2. The student receives negative reviews, lowering their score significantly

  3. The principal expels the student using expel()

  4. Once the session ends (or during the next enrollment period), the student calls enroll() again

  5. The student is re-admitted with a fresh score of 100, having effectively bypassed any consequences

Recommendation

Implement a permanent or temporary blacklisting mechanism for expelled students. This could be done by:

Option 1 - Permanent Ban:

// Add a new mapping
mapping(address => bool) public hasBeenExpelled;
function expel(address _student) public onlyPrincipal {
// Existing code...
isStudent[_student] = false;
hasBeenExpelled[_student] = true; // Mark as expelled
emit Expelled(_student);
}
function enroll() external notYetInSession {
// Add this check
if (hasBeenExpelled[msg.sender]) {
revert HH__PreviouslyExpelled(); // New custom error
}
// Rest of the existing enrollment code...
}

Option 2 - Cooldown Period:

// Add a new mapping
mapping(address => uint256) public expelledTimestamp;
function expel(address _student) public onlyPrincipal {
// Existing code...
isStudent[_student] = false;
expelledTimestamp[_student] = block.timestamp; // Record expulsion time
emit Expelled(_student);
}
function enroll() external notYetInSession {
// Add this check with a cooldown period (e.g., 1 year)
if (expelledTimestamp[msg.sender] > 0 &&
block.timestamp < expelledTimestamp[msg.sender] + 365 days) {
revert HH__ExpulsionCooldownPeriod(); // New custom error
}
// Rest of the existing enrollment code...
}

Implementing either solution would enforce proper consequences for expulsion and maintain the integrity of the school's disciplinary system.

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.