Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Student review count is not updated after a teacher submits a review of a student.

bowtiedbrothers

Summary

Student review count is not updated after a teacher submits a review of a student. Even though there is a require statement that would not allow for more than 5 reviews for any individual student, the 'reviewCount' mapping is never updated, leaving the number of reviews for all students to remain at 0 regardless of reviews submitted by the teacher.

Vulnerability Details

Within the 'giveReview' function, 'reviewCount[_student]' is never updated, making the corresponding require statement useless:

function giveReview(address _student, bool review) public onlyTeacher {

if (!isStudent[_student]) {

revert HH__StudentDoesNotExist();

}

require(reviewCount[_student] < 5, "Student review count exceeded!!!");

require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");

// where `false` is a bad review and true is a good review

if (!review) {

studentScore[_student] -= 10;

}

// Update last review time

lastReviewTime[_student] = block.timestamp;

emit ReviewGiven(_student, review, studentScore[_student]);

}

Impact

Due to there being no revert or requirement preventing a review to be given after the session ends as well as an inability for the 'inSession' variable to turn back false, it gives additional time past the 'sessionEnd' date for teachers to submit reviews and alter student scores either positively or negatively that can impact whether they are able to graduate (as long as the principal has not called the 'graduateAndUpgrade' function yet).

Tools Used

Manual review and Foundry

Recommendations

Include a counter increment when a review is completed within the 'giveReview' function:

function giveReview(address _student, bool review) public onlyTeacher {

if (!isStudent[_student]) {

revert HH__StudentDoesNotExist();

}

require(reviewCount[_student] < 5, "Student review count exceeded!!!");

require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");

// where `false` is a bad review and true is a good review

if (!review) {

studentScore[_student] -= 10;

}

// Update last review time

lastReviewTime[_student] = block.timestamp;

+ reviewCount[_student] += 1;

emit ReviewGiven(_student, review, studentScore[_student]);

}

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago

Submission Judgement Published

Validated

Assigned finding tags:

reviewCount not updated

`reviewCount` for students is not updated after each review session

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.