Submission Details
Impact:
Likelihood:
We can able to enroll even if the session is not started
summary
We can able to enroll even if the session is not started
vulnerability details
We are using LevelOne::notYetInSession as wrongly at many places . This modifier is only suitable for the function LevelOne::startSession as this checks for if the session has already been started or not and this is not suitable for other functions
POC
function testModifer() public {
LevelOne levelOneImplementation = new LevelOne();
vm.startPrank(clara);
levelOneImplementation.initialize(principal, schoolFees, address(usdc));
usdc.approve(address(levelOneImplementation), schoolFees);
levelOneImplementation.enroll();
vm.stopPrank();
}
impact - High
likelyhood - High
Recommendations
we need to have a modifier like this and need to replace it with the LevelOne::notYetInSession modifer usages in the below functions
-> LevelOne::enroll
-> LevelOne::addTeacher
modifier isSessionStarted() {
if (inSession == false) {
revert HH__SessionHaventStarted();
}
_;
}
Updates
Appeal created
lucky2892000
about 1 month ago
lucky2892000
about 1 month ago
yeahchibyke
about 1 month ago
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.