Hawk High

First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Submission Details
Severity: low
Valid

reviewCount is declared but not tracked or incremented

Summary

In the giveReview function there is a require for a review count but the review is not being tracked or incremented.

Vulnerability Details

In the following code:

function giveReview(address _student, bool review) public onlyTeacher {
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
require(reviewCount[_student] < 5, "Student review count exceeded!!!");
require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");

As we can see in line 5 there is require statement for reviewCount but there is no checks or tracking for the no of reviews or them being increased.

Impact

As there is no increment in the reviewCount it always remains 0 and the teacher can give unlimited reviews because according to the code it remains always > 5.

Tools Used

Manual testing

Recommendations

We can add the following line of code to fix the issue:

reviewCount[_student] += 1;

Fixed function after adding the code:

require(reviewCount[_student] < 5, "Student review count exceeded!!!");
require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
if (!review) {
studentScore[_student] -= 10;
}
reviewCount[_student] += 1; // This is the added line of code
lastReviewTime[_student] = block.timestamp;
Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

reviewCount not updated

`reviewCount` for students is not updated after each review session

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

reviewCount not updated

`reviewCount` for students is not updated after each review session

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.