Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

There is no provision for how to deal with students who didnt get reviews on time.

nathanscott5467

Summary

Current system's rule blocks upgrade if any student is missing reviews.

Vulnerability Details

Current rules and code require that every student receives exactly 4 reviews (one per week) before upgrade, but there’s no logic for what happens if a student misses a review (e.g., teachers forget, or a student is skipped).

Impact

If a teacher misses a review, the entire school is stuck—no one can graduate.

Tools Used

Manual Review

Recommendations

Auto-Fail or Expel Students With Incomplete Reviews

At upgrade time, check if any student has <4 reviews.
If so, expel or mark them as failed (remove from list, or set a flag).
Teachers must review on time, or students are penalized (which may be a governance issue for the school to solve).
Proceed to upgrade with only those students who have 4 reviews.
The system never gets stuck.

Update Your Rules:
“Any student who does not receive all 4 reviews by session end is automatically expelled and will not be upgraded.” or etc...

Add this code in graduateAndUpgrade function in above rule

for (uint256 i = 0; i < listOfStudents.length; ) {

address student = listOfStudents[i];

if (reviewCount[student] < 4) {

// Expel student

isStudent[student] = false;

reviewCount[student] = 0;

// Remove from listOfStudents (swap and pop)

listOfStudents[i] = listOfStudents[listOfStudents.length - 1];

listOfStudents.pop();

continue; // Don't increment i, as we swapped in a new student at i

}

if (studentScore[student] < cutOffScore) {

// Expel or mark as failed

isStudent[student] = false;

reviewCount[student] = 0;

listOfStudents[i] = listOfStudents[listOfStudents.length - 1];

listOfStudents.pop();

continue;

}

i++;

}

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.