Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Missing Cutoffscore Verification

mentemdeus

Summary

In the LevelOne contract, the graduateAndUpgrade function is designed to handle the graduation process and transition to a new contract implementation. However, it does not verify whether students have achieved the necessary cutOffScore before initiating this process.

Vulnerability Details

The graduateAndUpgrade function does not check if students have met the required cutOffScore. Students who have not achieved the necessary score can still graduate, undermining the integrity of the academic evaluation process.

Impact

Students who have not achieved the necessary score (cutoffscore)can still graduate, undermining the integrity of the academic evaluation process.

Tools Used

Manual code review

Recommendations

Implement Cutoff Score Verification: Before proceeding with graduation, iterate through the list of students and ensure each has a studentScore equal to or exceeding the cutOffScore.

for (uint256 i = 0; i < listOfStudents.length; i++) {
require(studentScore[listOfStudents[i]] >= cutOffScore, "Student does not meet cutoff score");
}
Updates

Lead Judging Commences

yeahchibyke Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!