The function LevelOne::giveReview can be called even if the session is not active, causing a logic break.
A principal can call the function LevelOne::giveReview even if the session is not active. This can lead to unexpected behavior and security vulnerabilities.
PoC
The impact of this vulnerability is LOW.
Manual review
Consider adding a check in the function LevelOne::giveReview that reverts if the session is not active.
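A sketch of the recommended guard, as an added example that is not the audited LevelOne code. Only the names `giveReview` and `inSession` come from this page; the contract name, function signatures, storage layout, error names and session functions are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only: a minimal stand-in, not the audited LevelOne contract.
// Everything except the names `giveReview` and `inSession` is hypothetical.
contract SessionGuardSketch {
    error NotPrincipal();
    error SessionNotActive();

    address public immutable principal;
    bool public inSession;
    mapping(address => uint256) public reviewCount;

    constructor() {
        principal = msg.sender;
    }

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert NotPrincipal();
        _;
    }

    // The missing check: reject state changes while no session is running.
    modifier whenInSession() {
        if (!inSession) revert SessionNotActive();
        _;
    }

    function startSession() external onlyPrincipal {
        inSession = true;
    }

    function endSession() external onlyPrincipal {
        inSession = false;
    }

    // Unguarded shape described by the finding: succeeds with inSession == false.
    function giveReviewUnguarded(address student) external onlyPrincipal {
        reviewCount[student] += 1;
    }

    // Guarded shape: reverts with SessionNotActive() outside a session.
    function giveReview(address student) external onlyPrincipal whenInSession {
        reviewCount[student] += 1;
    }
}
```

A regression test for the fix should call the guarded function before any session is started and expect the revert, then start a session and expect the call to succeed.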
`inSession` not updated after during upgrade