Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

Session can be started even if no teacher or no students in the school

vincent71399

Description: A session should not begin unless at least one teacher and one student are present in the school.
Since the addTeacher and enroll functions are only callable before the session starts,
calling startSession without any teacher or student will lock the state until graduation.

Impact: If principal did not check for teachers and students before starting the session,
will result in no students and teachers in the school,

Proof of Concept: add following test and run

function test_startSession_without_students_and_teachers() public {
assertEq(levelOneProxy.getListOfStudents().length, 0);
assertEq(levelOneProxy.getListOfTeachers().length, 0);
vm.startPrank(principal);
levelOneProxy.startSession(cutOffScore); // principal start session without any students and teachers
vm.stopPrank();
}

Recommended Mitigation: add a check that at least one teacher and one student should be present in the school before startSession

function startSession(uint256 _cutOffScore) public onlyPrincipal notYetInSession {
+ require(listOfStudents.length > 0 && listOfTeachers.length > 0, "No students or teachers enrolled");
...
}
Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.