Summary
The graduateAndUpgrade function does not enforce the invariant that the system must not be upgraded until every student has received 4 reviews (one for each week).
Vulnerability Details
There is no check that every student has 4 reviews before the upgrade.
This allows the principal to call graduateAndUpgrade and upgrade to level two prematurely, even while some students have fewer than 4 reviews. The teacher and principal payouts are made in the same call, so the bursary is distributed regardless of the review count.
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
    if (_levelTwo == address(0)) {
        revert HH__ZeroAddress();
    }
    // No check here that every student in listOfStudents has 4 reviews.
    uint256 totalTeachers = listOfTeachers.length;
    uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
    // Upgrade is authorized and the bursary paid out unconditionally.
    _authorizeUpgrade(_levelTwo);
    for (uint256 n = 0; n < totalTeachers; n++) {
        usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
    }
    usdc.safeTransfer(principal, principalPay);
}
Impact
Unfair graduation: students can be graduated, and the bursary paid out to the teachers and the principal, before every student has received the 4 required reviews, breaking the protocol's graduation invariant.
Tools Used
Manual review
Recommendations
Before authorizing the upgrade or paying anyone, iterate over listOfStudents and revert if any student has fewer than 4 reviews. Note that the loop visits every student, so its gas cost grows with the size of listOfStudents.
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
    if (_levelTwo == address(0)) {
        revert HH__ZeroAddress();
    }
    // Added: every student must have 4 reviews before the upgrade and payouts.
    for (uint256 i = 0; i < listOfStudents.length; i++) {
        if (reviewCount[listOfStudents[i]] < 4) {
            revert("Student has not received enough reviews to graduate");
        }
    }
    uint256 totalTeachers = listOfTeachers.length;
    uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
    _authorizeUpgrade(_levelTwo);
    for (uint256 n = 0; n < totalTeachers; n++) {
        usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
    }
    usdc.safeTransfer(principal, principalPay);
}
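The following is an added example, not code from the audited project: a minimal stand-in contract that keeps only the state the invariant needs (principal, listOfStudents, reviewCount), together with a Foundry test showing that the upgrade reverts while any student is under-reviewed and succeeds once every student has 4 reviews. The contract name SchoolReviews, the addReview function, the custom error HH__StudentNotFullyReviewed, the upgraded flag standing in for the payouts and _authorizeUpgrade, and the student addresses are all assumptions made for this example. The check is written as a view helper that returns the first offending student, so the revert reason tells the principal exactly who still needs reviews.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for the school contract (not the project's code).
/// Bursary payouts and the proxy upgrade are represented by the `upgraded` flag.
contract SchoolReviews {
    uint256 public constant REQUIRED_REVIEWS = 4;

    address public immutable principal;
    address[] public listOfStudents;
    mapping(address => uint256) public reviewCount;
    bool public upgraded;

    error HH__ZeroAddress();
    error HH__NotPrincipal();
    error HH__StudentNotFullyReviewed(address student, uint256 reviews);

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert HH__NotPrincipal();
        _;
    }

    constructor(address[] memory students) {
        principal = msg.sender;
        listOfStudents = students;
    }

    /// One review per call (assumed helper; the weekly cadence is not modelled).
    function addReview(address student) external onlyPrincipal {
        reviewCount[student] += 1;
    }

    /// Returns (false, student, count) for the first student below the
    /// threshold, or (true, 0, 0) when every student has REQUIRED_REVIEWS.
    function firstUnderReviewedStudent()
        public
        view
        returns (bool allReviewed, address student, uint256 reviews)
    {
        uint256 n = listOfStudents.length;
        for (uint256 i = 0; i < n; i++) {
            address s = listOfStudents[i];
            if (reviewCount[s] < REQUIRED_REVIEWS) {
                return (false, s, reviewCount[s]);
            }
        }
        return (true, address(0), 0);
    }

    function graduateAndUpgrade(address _levelTwo) external onlyPrincipal {
        if (_levelTwo == address(0)) revert HH__ZeroAddress();
        // Invariant check runs before any payout or upgrade authorization.
        (bool ok, address s, uint256 c) = firstUnderReviewedStudent();
        if (!ok) revert HH__StudentNotFullyReviewed(s, c);
        upgraded = true; // real contract: pay teachers and principal, then _authorizeUpgrade
    }
}

contract SchoolReviewsTest is Test {
    SchoolReviews school;
    address alice = makeAddr("alice");   // constructed test addresses
    address bob = makeAddr("bob");
    address levelTwo = makeAddr("levelTwo");

    function setUp() public {
        address[] memory students = new address[](2);
        students[0] = alice;
        students[1] = bob;
        school = new SchoolReviews(students); // this test contract is the principal
    }

    function _review(address student, uint256 times) internal {
        for (uint256 i = 0; i < times; i++) school.addReview(student);
    }

    function test_RevertsWhenAStudentIsUnderReviewed() public {
        _review(alice, 4);
        _review(bob, 3); // bob is one review short
        vm.expectRevert(
            abi.encodeWithSelector(SchoolReviews.HH__StudentNotFullyReviewed.selector, bob, 3)
        );
        school.graduateAndUpgrade(levelTwo);
        assertFalse(school.upgraded());
    }

    function test_UpgradesOnceEveryStudentHasFourReviews() public {
        _review(alice, 4);
        _review(bob, 4);
        school.graduateAndUpgrade(levelTwo);
        assertTrue(school.upgraded());
    }
}
```

Run with `forge test --match-contract SchoolReviewsTest`. Because the check precedes both the payouts and the upgrade authorization, a revert leaves the bursary and the proxy untouched; the same ordering should be kept in the real function.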