Hawk High

First Flight #39
Beginner Friendly | Solidity
100 EXP
Submission Details
Severity: low
Valid

`LevelOne::giveReview` can be called even if the session is not active causing a logic break.

Summary

The function LevelOne::giveReview can be called even if the session is not active, causing a logic break.

Vulnerability Details

Any teacher can call `LevelOne::giveReview` while no session is active, because the function does not check `inSession` before recording the review. As the PoC below shows, a negative review given when `getSessionStatus()` still returns false is accepted and lowers the student's score, so reviews can be handed out outside the active session the contract is supposed to confine them to.

PoC

function test_give_review_before_session_start() public {
    // Advance time and blocks; no session has been started, so inSession stays false.
    vm.warp(block.timestamp + 1 weeks);
    vm.roll(block.number + 1);

    // The principal adds two teachers.
    vm.startPrank(principal);
    levelOneProxy.addTeacher(alice);
    levelOneProxy.addTeacher(bob);
    vm.stopPrank();

    // Clara pays the school fees and enrolls as a student.
    vm.startPrank(clara);
    usdc.approve(address(levelOneProxy), schoolFees);
    levelOneProxy.enroll();
    vm.stopPrank();

    // A teacher gives a negative review while no session is active; the call does not revert.
    vm.startPrank(alice);
    levelOneProxy.giveReview(clara, false);
    vm.stopPrank();

    // Clara's score was reduced even though the session never started.
    assert(levelOneProxy.studentScore(clara) == 90);
    assert(levelOneProxy.getSessionStatus() == false);
}

Impact

Low. A teacher can change a student's score with reviews given while no session is active, as the PoC shows, which breaks the intended flow in which reviews are only given during an active session.

Tools Used

Manual review

Recommendations

Consider adding a check to `LevelOne::giveReview` that reverts when the session is not active (`inSession == false`):

function giveReview(address _student, bool _isPositive) public onlyTeacher {
+ if (!inSession) {
+ revert HH__NotAllowed();
+ }
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
require(reviewCount[_student] < 5, "Student review count exceeded!!!");
. . .
}
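Review bot: the `inSession` gate added at the top of `giveReview` only helps if `inSession` is reliably kept up to date; the judge's tags on this submission note that `inSession` is not updated during the upgrade, so this fix should be paired with correct session-state handling in the upgrade path, otherwise the new check can pass or fail for the wrong reason. Also confirm that `HH__NotAllowed` is an error the contract already declares, or declare it alongside the other `HH__` errors before using it in the revert.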
Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

session state not updated

`inSession` not updated after during upgrade
