Submission Details
Impact:
Likelihood:
No validation for cutOffScore in startSession() function
Description
The startSession() function does not check whether the provided cutOffScore is a valid value (i.e., greater than 0). If the cutOffScore is set to 0, it would mean that all students, even those who perform poorly (e.g., scoring 60 marks), would automatically pass
Proof of code
function startSession(uint256 _cutOffScore) public onlyPrincipal notYetInSession {
sessionEnd = block.timestamp + 4 weeks;
inSession = true;
cutOffScore = _cutOffScore;
emit SchoolInSession(block.timestamp, sessionEnd);
}
Impact
1) If cutOffScore is set to 0, every student will pass, regardless of their actual score
Tools Used
1) Vs code
2) Manual review
Recommendations
Add validation to ensure that the cutOffScore is greater than 0 before starting the session
function startSession(uint256 _cutOffScore) public onlyPrincipal notYetInSession {
------->require(cutOffScore > 0, "Cut off score must be greater than 0");
sessionEnd = block.timestamp + 4 weeks;
inSession = true;
cutOffScore = _cutOffScore;
emit SchoolInSession(block.timestamp, sessionEnd);
}
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.