Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

LevelOne is not an approved spender of the msg.sender's (the student's) USDC in the enroll() function, so the `safeTransferFrom` call always reverts and students cannot enroll.

Summary

The LevelOne contract is not an approved spender of the msg.sender's (the student's) USDC tokens in the enroll() function.

Vulnerability Details

The `usdc.safeTransferFrom(msg.sender, address(this), schoolFees);` call made by LevelOne in the enroll() function will always revert, because the contract is not an approved spender of the USDC balance of the student (msg.sender). Students therefore cannot enroll, and the protocol cannot function because there are no students to review. LevelOne must hold an approved allowance for `usdc.safeTransferFrom(msg.sender, address(this), schoolFees);` to succeed.

Impact

The invariants of the protocol are broken: since students cannot enroll, no school fees are paid, and the principal and teachers are not paid because there are no students to review.

Proof of Concept

The test below passes because, without explicit approval for the USDC tokens to be spent, the enroll() function always reverts with an ERC20InsufficientAllowance() error.

```solidity
function test_NotApprovedSpender_poc() public {
    // No usdc.approve(...) is issued by clara before this call, so the
    // pull-payment inside enroll() reverts with ERC20InsufficientAllowance().
    vm.expectRevert();
    vm.startPrank(clara);
    levelOneProxy.enroll();
    vm.stopPrank();
}
```

Tools Used

Manual review

Recommendations

Add an approval in the enroll() function, as seen in line 8 of the code snippet below (the `+` line).

```diff
function enroll() external notYetInSession {
    if (isTeacher[msg.sender] || msg.sender == principal) {
        revert HH__NotAllowed();
    }
    if (isStudent[msg.sender]) {
        revert HH__StudentExists();
    }
+   usdc.approve(address(this), schoolFees);
    usdc.safeTransferFrom(msg.sender, address(this), schoolFees);
    listOfStudents.push(msg.sender);
    isStudent[msg.sender] = true;
    studentScore[msg.sender] = 100;
    bursary += schoolFees;
    emit Enrolled(msg.sender);
}
```
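As an added example (not part of this submission or of the Hawk High code base), the Foundry test below puts the PoC's unapproved call side by side with the standard ERC20 pull-payment flow, in which the token owner (the student) approves the proxy as spender before calling enroll(). It assumes the test fixture exposes `usdc` as a mintable mock ERC20, `levelOneProxy`, the student address `clara` and `schoolFees`, that `isStudent`, `studentScore` and `bursary` have public getters, and that no student has enrolled yet; those names and conditions are assumptions.

```solidity
// Added example, not the submission's code. Assumes a Foundry fixture with `usdc`
// (mintable mock ERC20), `levelOneProxy`, student `clara` and `schoolFees`.
function test_EnrollRequiresPriorApproval() public {
    // Fund the student so that allowance, not balance, is the only variable under test.
    usdc.mint(clara, schoolFees);

    // 1. No approval: the pull-payment inside enroll() cannot move the fee and reverts.
    //    Allowance is keyed on (owner = clara, spender = proxy); only the owner can set it,
    //    so a call to usdc.approve(...) from inside the contract would not help.
    assertEq(usdc.allowance(clara, address(levelOneProxy)), 0);
    vm.expectRevert();
    vm.prank(clara);
    levelOneProxy.enroll();
    assertFalse(levelOneProxy.isStudent(clara));

    // 2. Standard ERC20 flow: the owner approves the spender, then the spender pulls.
    vm.startPrank(clara);
    usdc.approve(address(levelOneProxy), schoolFees);
    levelOneProxy.enroll();
    vm.stopPrank();

    assertTrue(levelOneProxy.isStudent(clara));
    assertEq(levelOneProxy.studentScore(clara), 100);
    assertEq(levelOneProxy.bursary(), schoolFees);
    assertEq(usdc.balanceOf(address(levelOneProxy)), schoolFees);
    assertEq(usdc.balanceOf(clara), 0);
    // The transfer consumed the allowance; a second enroll() would need a fresh approval.
    assertEq(usdc.allowance(clara, address(levelOneProxy)), 0);
}
```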

Updates

Lead Judging Commences

yeahchibyke (Lead Judge), 4 months ago

Submission Judgement Published

yeahchibyke (Lead Judge), 3 months ago
Invalidated
Reason: Design choice
