Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

No check for sessionEnd when calling `graduateAndUpgrade`

Description: According to the documentation, the `graduateAndUpgrade` function should not be called until the school's `sessionEnd` has been reached.
However, `graduateAndUpgrade` contains no check for `sessionEnd`.

Impact: This could lead to `graduateAndUpgrade` being called before `sessionEnd`.

Proof of Concept: As a prerequisite, fix `LevelTwo` not implementing `UUPSUpgradeable`,
then add the following test and run it:

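```solidity
function test_no_check_for_sessionEnd() public {
    vm.startPrank(principal);
    levelOneProxy.startSession(cutOffScore);
    // The session has only just started, so sessionEnd is still in the future
    assert(levelOneProxy.sessionEnd() > block.timestamp);
    LevelTwoEdit levelTwo = new LevelTwoEdit();
    // The upgrade goes through without reverting although the session has not ended
    levelOneProxy.graduateAndUpgrade(address(levelTwo), abi.encodeWithSignature("graduate()"));
    vm.stopPrank();
}
```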
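The PoC shows the call succeeding early; the opposite check, a Foundry regression test that pins the boundary once a `sessionEnd` guard exists, is sketched here as an added example that is not part of the original submission or the Hawk High code base. `SessionGate` is a hypothetical stand-in for the school contract, and the 4-week session length is an assumed value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in: only the session state and the guard, no upgrade logic.
contract SessionGate {
    error HH__SessionNotEnd();

    uint256 public sessionEnd;
    bool public inSession;
    bool public graduated;

    function startSession() external {
        sessionEnd = block.timestamp + 4 weeks; // assumed session length
        inSession = true;
    }

    function graduateAndUpgrade() external {
        // Guard in the shape of the recommended mitigation
        if (inSession && block.timestamp < sessionEnd) revert HH__SessionNotEnd();
        inSession = false;
        graduated = true;
    }
}

contract SessionGateTest is Test {
    SessionGate gate;

    function setUp() public {
        gate = new SessionGate();
        gate.startSession();
    }

    function test_graduate_boundary() public {
        uint256 end = gate.sessionEnd();

        // One second before sessionEnd: the call must revert and change nothing
        vm.warp(end - 1);
        vm.expectRevert(SessionGate.HH__SessionNotEnd.selector);
        gate.graduateAndUpgrade();
        assertFalse(gate.graduated());

        // Exactly at sessionEnd: the call is allowed and closes the session
        vm.warp(end);
        gate.graduateAndUpgrade();
        assertTrue(gate.graduated());
        assertFalse(gate.inSession());
    }
}
```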

Recommended Mitigation: Add a condition to the `graduateAndUpgrade` function that checks whether `sessionEnd` has been reached.

+ error HH__SessionNotEnd();
...
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
+ if (inSession == true && block.timestamp < sessionEnd) {
+ revert HH__SessionNotEnd();
+ }
+ inSession = false;
...
}
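Review bot: the guard at the top of `graduateAndUpgrade` only reverts while `inSession` is true, so a call made while `inSession` is false skips the time check entirely. If calling before any session has been started should also be rejected, check `inSession` separately and then test `block.timestamp < sessionEnd` on its own. The `== true` comparison on a bool is redundant; `if (inSession && block.timestamp < sessionEnd)` reads the same.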
Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

can graduate without session end

`graduateAndUpgrade()` can be called successfully even when the school session has not ended
