Missing Score Reset Mechanism and Inconsistent Student Evaluation
Summary
The LevelOne contract lacks a mechanism to reset student scores between sessions, creating a critical design flaw where scores only decrease and never reset. When combined with the arbitrary cutOffScore setting, this creates situations where students can be disproportionately affected by past performance with no recovery path, and new students have an unfair advantage over continuing students.
The contract design has three related issues:
Student scores are initialized to 100 at enrollment but never reset between sessions:
Scores can only decrease (by 10 points per bad review), with no mechanism to increase:
The principal can set any cutOffScore at the start of a session:
This creates a state where continuing students carry forward penalties but new students start fresh.
Impact
The impact is significant for system operation:
Academic Unfairness: Continuing students are at a disadvantage compared to new students who start with 100 points
System Instability: As student scores continuously decrease over time, the principal is forced to continually lower the cutOffScore to maintain enrollment
Enrollment Timing Attack: Students may deliberately delay enrollment to optimize their chances, creating enrollment patterns that undermine the regular academic calendar
This is a medium severity issue as it directly impacts the core functionality of the academic system without requiring malicious actors.
Tools Used
Manual code review
Foundry for testing
Recommendations
Consider implementing a more balanced scoring system, or add a score reset mechanism at the start of each session
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.