Hawk High

First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Submission Details
Severity: low
Valid

Principal can get an extra pay

summary

Principal can get an extra pay

vulnerability details

Principal can add his own address in the Teachers list with LevelOne::addTeacher and when the principal has been executing LevelOne::graduateAndUpgrade , he can get an extra pay amount for how much amount we are going to pay for a teacher

impact - Medium

likelyhood - Low

Recommendations

Add a condition inside the function LevelOne::addTeacher

function addTeacher(address _teacher) public onlyPrincipal notYetInSession {
if (_teacher == address(0)) {
revert HH__ZeroAddress();
}
if (isTeacher[_teacher]) {
revert HH__TeacherExists();
}
- if (isStudent[_teacher]) {
+ if (isStudent[_teacher] || _teacher == principal) {
revert HH__NotAllowed();
}
listOfTeachers.push(_teacher);
isTeacher[_teacher] = true;
emit TeacherAdded(_teacher);
}
Updates

Lead Judging Commences

yeahchibyke Lead Judge 18 days ago
Submission Judgement Published
Validated
Assigned finding tags:

principal can become teacher

Principal can add themselves as teacher and share in teacher pay upon graduation

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.