Submission Details
Impact:
Likelihood:
No Teacher Address Recovery Mechanism
Summary
Teachers who lose access to their wallet have no way to recover or update their address.
Vulnerability Details
Root cause:
No address update functionality
No recovery mechanism
Permanent loss of access possible
Initial State:
Teacher loses private key
No way to update address
Funds and access lost
Step 1: Teacher loses wallet access
Step 2: No recovery possible
Step 3: Teacher permanently locked out
Step 4: Funds become inaccessible
Impact
Permanent loss of access
Trapped teacher payments
Administrative overhead
System inflexibility
Tools Used
Manual Review
Recommendations
function updateTeacherAddress(
address _oldAddress,
address _newAddress,
bytes memory _signature
) public onlyPrincipal {
require(isTeacher[_oldAddress], "Not a teacher");
require(!isTeacher[_newAddress], "Address in use");
require(verifySignature(_oldAddress, _newAddress, _signature), "Invalid signature");
isTeacher[_oldAddress] = false;
isTeacher[_newAddress] = true;
// Update teacher in list
for(uint i = 0; i < listOfTeachers.length; i++) {
if(listOfTeachers[i] == _oldAddress) {
listOfTeachers[i] = _newAddress;
break;
}
}
emit TeacherAddressUpdated(_oldAddress, _newAddress);
}
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.