Hawk High

Summary

The graduateAndUpgrade function fails to enforce that the school session has fully completed (i.e., 4 weeks have passed) before allowing an upgrade. This omission allows the principal to execute an upgrade prematurely, violating the protocol’s core timing invariant and resulting in incorrect system state transitions.

Vulnerability Details

When startSession() is called, it sets sessionEnd = block.timestamp + 4 weeks. The design assumes that students will receive weekly reviews for 4 weeks before graduation and contract upgrade. However, graduateAndUpgrade lacks a require(block.timestamp >= sessionEnd) check.

Without this, the function can be called early, even just a few seconds after the session starts, enabling graduation and upgrade based on incomplete review data. This disrupts the core business logic and undermines protocol fairness and integrity.

Relevant Code Snippet (Vulnerable Path):

Impact

• Premature Graduation: Students may graduate with incomplete weekly reviews, bypassing necessary evaluations.

• Inaccurate Cutoff Checks: CutoffScore decisions may be made on partial data (e.g., 1–3 reviews instead of 4).

• Early Payouts: Teachers and principals may be paid before session obligations are fulfilled.

• Broken Upgrade Window Enforcement: Time-gated protocol logic becomes untrustworthy, violating system expectations.

This weakens trust in the system and could lead to governance disputes or user dissatisfaction.

Tools Used

Manual review

Recommendations

Add explicit checks to ensure the session has started and has completed before allowing upgrades via graduateAndUpgrade.

Recommended Fix:

These checks ensure that upgrade logic only executes after the required 4-week session duration has passed and prevent misuse of administrative privileges.