Hawk High

Summary

The graduateAndUpgrade function in LevelOne.sol fails to enforce the protocol invariant that only students meeting or exceeding the cutOffScore—and who have received all four weekly reviews—are promoted to the next level. As a result, underperforming students can still be upgraded and counted as graduates, violating the intended access control and academic integrity of the system.

Vulnerability Details

• Missing Score Check: There is no iteration over listOfStudents to verify that each student’s studentScore is at or above cutOffScore.

• Missing Review Count Check: The contract does not track or enforce that each student has received exactly four reviews before allowing the upgrade. In fact, the reviewCount mapping is never incremented in giveReview, so even if checks were added, they would always fail to detect missing reviews.

• Unconditional Upgrade: After calling _authorizeUpgrade, the function immediately transfers wages to teachers and principal without conditionally excluding failing students or preventing the upgrade if any student is below cutoff or lacks reviews.

• Test POC: The provided Foundry test demonstrates that Harriet—whose score was reduced below the cutoff of 70 via four consecutive bad reviews—remains enrolled after graduateAndUpgrade and is counted among the students in the new LevelTwo implementation.

Impact

• Academic Integrity Breach: Students who do not meet the minimum performance standards can bypass the cutoff and advance, undermining the credibility of the grading system.

• Protocol Violation: The protocol invariant (“Any student who doesn't meet the cutOffScore should not be upgraded”) is broken, potentially leading to disputes or financial loss if only graduates receive certain benefits.

Tools Used

• Foundry

• Manual review

Recommendations

Enforce cutoff score before graduating students