Submission Details
Severity:
Teacher can able to give any number of reviews
summary
Teacher can able to give any numnber of review
vulnerability details
inside the LevelOne::giveReview we have a condition based on the LevelOne::reviewCount , but when a teacher has given the review once we are not updating the reviewCount for that specific student , thus this will allow any numner of reviews
impact - High
likelyhood - Medium
Recommendations
function giveReview(address _student, bool review) public onlyTeacher {
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
require(reviewCount[_student] < 5, "Student review count exceeded!!!");
require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
// where `false` is a bad review and true is a good review
if (!review) {
studentScore[_student] -= 10;
}
// Update last review time
lastReviewTime[_student] = block.timestamp;
+ reviewCount[_student]++;
emit ReviewGiven(_student, review, studentScore[_student]);
}
Updates
Lead Judging Commences
yeahchibyke about 1 month ago
Submission Judgement Published Assigned finding tags:
reviewCount not updated
`reviewCount` for students is not updated after each review session
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.