Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: high
Likelihood: high
Invalid

Uninitialized state variable

ciphermalware

Summary

The reviewCount mapping in the LevelOne contract is never initialized but is used in the giveReview function, which leads to unexpected behavior.

Vulnerability Details

The reviewCount mapping is declared as a state variable but is never initialized with a default value before being used in a comparison in the giveReview function, like this:

mapping(address => uint256) private reviewCount;

In the giveReview function, there's a check that relies on this uninitialized value:

require(reviewCount[_student] < 5, "Student review count exceeded!!!");

However, the function never updates reviewCount after the check.

Impact

This vulnerability leads to 2 issues:

First the reviewCount check is effectively useless since it's never incremented and the second problem is that the function will always pass this condition as the default value for uint256 is 0

This undermines the intended restriction mechanism and allow an unlimited number of reviews for a student, manipulating their scores unfairly.

Recommendations

Personally I would initialize the reviewCount mapping for each student when they are enrolled

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.