Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: high
Likelihood: high
Invalid

Teachers cannot properly give reviews to students.

nathanscott5467

Summary

Teachers cannot give reviews to students and all students can't graduate.

Vulnerability Details

Step1: Teachers give reviews their students at the end of the first week.

Step2: Teachers have to give reviews students the following week, but they must wait until lastReviewTime[_student] + reviewTime(1 weeks) .

Step3: Teachers cannot meet the specific time and the time is moved to the next week.
Step4: Not only the students but also all students can not graduate because some of them didn't receive reviews during one week due to the invariant System upgrade should not occur if any student has not gotten 4 reviews (one for each week) from the invariants.

Impact

* Everytime teachers give a review, they have to wait until the review period has passed.

* Although if teachers give reviews their students at the end of the first week, they can't give reviews in the next week and all of students can't graduate.

Tools Used

Manual Review

Recommendations

-Remove this code in giveReview funtion.

require(
block.timestamp >= lastReviewTime[_student] + reviewTime,
"Reviews can only be given once per week"
);

-Add this code insteed

int256 reviewTimeLeft = sessionEnd - lastReviewTime;
int256 timeLeft = sessionEnd - block.timestamp;
while(timeLeft < 0) {
reviewTimeLeft -= reviewTime;
timeleft -= reviewTime;
}
require(reviewTimeLeft > 0,"Review can only be given once per week");
Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.