Submission Details
Severity:
Missing Session End Check Allows Premature Graduation and Upgrade
Summary
The LevelOne::graduateAndUpgradedoes not check if the sessionEndhas passed making it possible to graduate and upgrade prematurly.
Impact
Not having a check for if the school session has ended breaks one of the invariants of the contract which results in the protocol does not work as intended and loss of user trust.
Tools Used
Manual code review
Recommendations
Add a check to the graduateAndUpgradefunction:
+ error HH_SessionNotEnded()
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
+ if (block.timestamp < sessionEnd) {
+ revert HH_SessionNotEnded();
+ }
uint256 totalTeachers = listOfTeachers.length;
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}
Updates
Lead Judging Commences
yeahchibyke 7 months ago
Submission Judgement Published Assigned finding tags:
can graduate without session end
`graduateAndUpgrade()` can be called successfully even when the school session has not ended
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.