Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: high

Invalid

[H-7] Missing Core Functionality in LevelTwo Contract

nymuelis

Severity

High

Impact

After upgrading from LevelOne to LevelTwo, the contract will lack essential functionality for school operations. Critical functions like enroll(), startSession(), and giveReview() are completely missing, rendering the school system non-operational after upgrade. Students cannot join, sessions cannot start, and reviews cannot be given, effectively breaking the entire educational platform.

Description

LevelTwo.sol is supposed to be the upgraded version of LevelOne.sol, continuing the school operations with the remaining 60% of funds. However, it's missing nearly all essential functions required for the school to operate:

enroll() - Students cannot join the school
addTeacher() and removeTeacher() - Faculty cannot be managed
expel() - Problematic students cannot be removed
startSession() - New school sessions cannot be initiated
giveReview() - Students cannot receive weekly reviews

This absence of core functionality means that after upgrade, even though the contract preserves some state (like existing students and teachers), no new educational activities can occur. The school essentially becomes a static repository with no way to conduct its primary operations.

The issue is particularly severe because according to the protocol documentation, the system is expected to continue functioning with the 60% of bursary funds that remain after paying teachers and the principal. However, the lack of these critical functions means these funds cannot be utilized for their intended purpose.

Tools Used

Manual code review

Recommended Mitigation

Implement all missing core functionality in LevelTwo by either:

Having LevelTwo inherit core functionality from LevelOne:

// LevelTwo.sol

- contract LevelTwo is Initializable {

+ contract LevelTwo is Initializable, UUPSUpgradeable {

+ // Import core functionality from LevelOne or reimplement

+ function enroll() external notYetInSession {

+ // Implementation

+ }

+ function addTeacher(address _teacher) public onlyPrincipal notYetInSession {

+ // Implementation

+ }

+ function startSession(uint256 _cutOffScore) public onlyPrincipal notYetInSession {

+ // Implementation

+ }

+ function giveReview(address _student, bool review) public onlyTeacher {

+ // Implementation

+ }

+ // Other missing functions...

}

Or create a shared base contract to prevent code duplication:

// BaseSchool.sol

contract BaseSchool is Initializable, UUPSUpgradeable {

// Shared functionality between LevelOne and LevelTwo

// Core functions like enroll(), addTeacher(), etc.

}

// LevelOne.sol

contract LevelOne is BaseSchool {

// LevelOne specific functionality

}

// LevelTwo.sol

contract LevelTwo is BaseSchool {

// LevelTwo specific functionality

}

Updates

Lead Judging Commences

yeahchibyke Lead Judge about 2 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.