Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Review Logic is one-sided

mentemdeus

Summary

In the giveReview function, teachers can submit weekly reviews for students. If a review is negative (false), the student's score decreases by 10 points. However, positive reviews (true) do not affect the student's score. This asymmetry means that student scores can only decrease over time, regardless of positive feedback.

Vulnerability Details

Issue: The function reduces student scores on negative reviews but doesn't increase them on positive ones.

Implication: Students cannot improve their scores through positive behavior, leading to a gradual decline in scores over time.

function giveReview(address _student, bool review) public onlyTeacher {

if (!isStudent[_student]) {

revert HH__StudentDoesNotExist();

}

require(reviewCount[_student] < 5, "Student review count exceeded!!!");

require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");

// where `false` is a bad review and true is a good review

if (!review) {

studentScore[_student] -= 10;

}

// Update last review time

lastReviewTime[_student] = block.timestamp;

emit ReviewGiven(_student, review, studentScore[_student]);

}

Impact

The inability to recover lost points may discourage students from improving their performance.
The design inherently favors score reduction, which could introduce bias against students.
Perceived unfairness in the review system could damage the institution's reputation and stakeholder trust.

Tools Used

Manual code review

Recommendations

Implement Positive Score Adjustments: Modify the giveReview function to increase the student's score on positive reviews, ensuring a balanced evaluation system.

if (review) {

studentScore[_student] += 10;

} else {

studentScore[_student] -= 10;

}

Updates

Lead Judging Commences

yeahchibyke Lead Judge 2 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.