Hawk High

Summary

The graduateAndUpgrade function does not validate whether all students have received exactly 4 reviews (one per week) before proceeding with the upgrade. This oversight allows the system to upgrade even if some students have incomplete reviews, violating the protocol’s invariants. This leads to unfair graduations or expulsions, as students' graduation statuses could be determined based on incomplete data.

Vulnerability Details

The graduateAndUpgrade function currently lacks any checks to ensure that all students have received exactly 4 reviews. This opens up the possibility for the system to upgrade when reviews are incomplete, which breaks the system's expected behavior and can cause significant issues:

• Exploit Scenario:

  • A student receives only 3 reviews (e.g., a teacher forgets to submit the Week 4 review).

  • The principal then calls graduateAndUpgrade.

  • Despite the missing review, the system upgrades result in an incomplete evaluation of the student.

  • The student is graduated or expelled based on inaccurate data, violating protocol invariants.

Code Snippet: Vulnerable Path

Impact

• Fairness: Students may be graduated or expelled based on incomplete review data, leading to unfair decisions.

• Protocol Integrity: The invariant that "upgrades require all reviews" is violated, breaking the system's intended logic.

• Financial Safety: Payments (such as teacher wages) may be made before all required conditions (i.e., reviews) are met, leading to potential misuse of funds or incorrect disbursement.

• Data Accuracy: Incomplete reviews lead to decisions based on incorrect data, damaging trust in the system.

Tools Used

Manual review

Recommendations

To address this vulnerability, a check should be added in the graduateAndUpgrade function to ensure that all students have received exactly 4 reviews before proceeding with the upgrade or making any payments.

Recommended Fix:

Key Fixes:

• Loop Through All Students: Iterate over listOfStudents to validate each student's reviewCount.

• Custom Error Handling: If any student has less than 4 reviews, revert the transaction with a custom error HH__IncompleteReviews.

• Pre-Upgrade Validation: Ensure that the review validation occurs before any payments or upgrades are processed, preventing partial state changes.

Why This Matters

• Fairness: This ensures that students are evaluated fairly, based on complete data (i.e., 4 weeks of reviews).

• Protocol Integrity: The "upgrades require all reviews" rule is fundamental to maintaining trust in the system.

• Financial Safety: Payments (such as teacher wages) should only occur after all the contractual obligations (4 reviews) are met, ensuring no funds are disbursed prematurely.

• Data Accuracy: Preventing upgrades when reviews are incomplete ensures that graduation or expulsion decisions are based on correct information.

Recommendations

• Gas Optimization: Consider tracking the total number of students and reviews to avoid unnecessary loops if feasible.

• Event Logging: Emit an event (e.g., IncompleteReviewsDetected) for transparency and easier monitoring.

• Automated Alerts: Implement off-chain monitoring systems to notify teachers when reviews are pending or incomplete.