The restriction `require(reviewCount[_student] < 5, "Student review count exceeded!!!");` in `LevelOne::giveReview`, together with the protocol rule that each student must receive 4 reviews (one per week over the 4-week school session), is meant to cap the number of reviews a teacher can give a single student at 4. However, `giveReview` never updates `reviewCount[_student]`, so the check always passes and a teacher can review the same student more than 4 times. The cause is a missing state update in the function's logic, not the caller restriction itself: the teacher is allowed to call the function, but the per-student limit it is supposed to enforce is never reached.
1- Navigate to the test/LeveOnelAndGraduateTest.t.sol file.
2- Add the following PoC code to the test file:
3- From the command line, run: `forge test --match-test testTeacherCanReviewMoreThanFourTimes -vvv`
4- The output will be as follows:
Based on the protocol rules, a teacher should give a student only 4 reviews (one review per week for the 4 weeks of the school session). Because this limit is not enforced, a teacher can give a student 10 negative reviews and drive the student's score all the way down to 0, wiping out the student's standing regardless of how many reviews the rules allow.
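The PoC referenced in the steps above, written out here as an added example rather than the submission's own test code. It assumes the existing Foundry harness in test/LeveOnelAndGraduateTest.t.sol provides a `schoolInSession` modifier (teachers added, students enrolled, session started), a `levelOneProxy` instance of `LevelOne`, a teacher address `alice`, an enrolled student `clara`, a one-week interval between reviews, and public getters `studentScore(address)` and `reviewCount(address)`; `giveReview(address, bool)` with `false` meaning a negative review and a 10-point deduction from a starting score of 100 is also assumed. Rename to match the actual harness if those names differ.

```solidity
// Added PoC (not from the original submission). Assumed harness names:
// schoolInSession, levelOneProxy, alice (teacher), clara (student),
// studentScore(address), reviewCount(address), giveReview(address,bool).
function testTeacherCanReviewMoreThanFourTimes() public schoolInSession {
    uint256 startingScore = levelOneProxy.studentScore(clara);
    assertEq(startingScore, 100); // assumed initial score

    // Ten negative reviews, one per week. If the 4-review cap were enforced,
    // the fifth call would revert with "Student review count exceeded!!!".
    for (uint256 i = 0; i < 10; i++) {
        vm.warp(block.timestamp + 1 weeks);
        vm.prank(alice);
        levelOneProxy.giveReview(clara, false);
    }

    // The counter was never incremented, so the `< 5` check never failed...
    assertEq(levelOneProxy.reviewCount(clara), 0);
    // ...and ten deductions of 10 points drained the score to zero.
    assertEq(levelOneProxy.studentScore(clara), 0);
}
```

The `vm.warp` between calls is only there to satisfy the weekly-interval rule, so the test isolates the missing counter update: every review passes the count check even though the student has already received far more than 4.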
Manual recon
Foundry test suite
In the `LevelOne::giveReview` function, increment `reviewCount[_student]` on every review. Today the counter is never updated after a review session, so the `reviewCount[_student] < 5` check can never fail and the per-student review limit is not enforced.
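The corrected function, as an added illustration and not the project's own code. Only the `require(reviewCount[_student] < 5, ...)` line is known from the finding; the `onlyTeacher` modifier, the student-existence check, the weekly-interval check, the 10-point deduction and the `ReviewGiven` event are assumed to sketch a realistic body around the fix. One caveat that follows from the page's own numbers: once the counter is incremented, `< 5` still admits counts 0 through 4, i.e. five reviews, so if the rule is exactly 4 reviews the bound should be `< 4`.

```solidity
// Added illustration of the fix (not the project's own code).
// Assumed: onlyTeacher, isStudent, lastReviewTime, reviewTime, studentScore, ReviewGiven.
function giveReview(address _student, bool review) public onlyTeacher {
    require(isStudent[_student], "Student does not exist");
    // Page shows `< 5`; with the counter now incremented this allows 5 reviews.
    // Use `< 4` if the protocol rule is exactly 4 reviews per student.
    require(reviewCount[_student] < 5, "Student review count exceeded!!!");
    require(
        block.timestamp >= lastReviewTime[_student] + reviewTime,
        "Reviews can only be given once per week"
    );

    // Fix: record this review so the cap above is actually enforced.
    reviewCount[_student]++;

    // `false` is a negative review and costs the student 10 points.
    if (!review) {
        studentScore[_student] -= 10;
    }

    lastReviewTime[_student] = block.timestamp;

    emit ReviewGiven(_student, review, studentScore[_student]);
}
```

With the increment in place, the PoC above reverts on the fifth `giveReview` call, which is the behaviour the protocol rule describes.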