Submission Details
Impact:
Likelihood:
When a student is expelled, their score and reviewCount are not cleared.
Summary
Clean up mappings to avoid stale data.
Vulnerability Details
Clara is enrolled.
Clara get 4 bad reviews.
isStudent[clara] = true
studentScore[clara] = 60
reviewCount[clara] = 4
lastReviewTime[clara] = 1234567890
Clara is expelled.
Only isStudent[clara] is set to false.
The other mappings still have old values.
Clara re-enrolls.
isStudent[clara] = true
studentScore[clara] = 100 // initialize in enroll
reviewCount[clara] = 4 // still there!
lastReviewTime[clara] = 1234567890 // still there!
Problems:
Clara can’t get new reviews (reviewCount == 4).
Clara’s score is artificially high.
Review timing logic is broken.
Impact
If you later re-enroll the same address, their previous review count and last review time will still be present.
The student’s record will be polluted by old data, leading to unfair reviews and wrong graduation eligibility.
Tools Used
Manual Review
Recommendations
Add cleanup for all mappings related to the student after delete in the listOfStudents in expell function:
function expel(address _student) public onlyPrincipal {
if (inSession == false) {
revert();
}
if (_student == address(0)) {
revert HH__ZeroAddress();
}
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
uint256 studentLength = listOfStudents.length;
for (uint256 n = 0; n < studentLength; n++) {
if (listOfStudents[n] == _student) {
listOfStudents[n] = listOfStudents[studentLength - 1];
listOfStudents.pop();
break;
}
}
// Remove all student data
isStudent[_student] = false;
studentScore[_student] = 0;
reviewCount[_student] = 0;
lastReviewTime[_student] = 0;
emit Expelled(_student);
}
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.