Session Can Start Without Any Registered Teachers
Summary
The startSession() function permits a new school session to begin even if no teachers are registered. This oversight breaks core protocol logic: students cannot receive the required reviews to graduate, and the expected 60% bursary retention invariant after upgrade is violated due to the unallocated teacher share (35%).
Vulnerability Details
the startSession() implementation does not check that any teachers exist:
0 teachers = no reviews: Students cannot satisfy the review invariant, preventing graduation.
Teacher portion (35%) becomes unallocatable: With no teachers to receive this portion, the distribution logic is broken.
Remaining 60% invariant is violated: Since a large portion of the bursary is incorrectly handled, the actual amount retained in the bursary will exceed 60%, breaking the stated economic design.
Impact
Protocol stalls: Students are unable to progress due to lack of reviews.
Funds misalignment: 35% bursary allocated for teachers cannot be distributed, skewing balances.
Invariant violation: The 60% bursary retention post-upgrade becomes unreliable.
Undermined trust in contract logic and fund distribution guarantees.
Tools Used
Manual Code Review
Recommendations
Add a requirement before starting a session to ensure teachers are present:
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.