Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Misaligned Weekly Review Logic in giveReview Function

kweks

Summary

The giveReview function uses relative timestamps to enforce a one-week delay between reviews, allowing reviews to be submitted too early or too late relative to the session’s weekly schedule. This violates the protocol’s invariant that students must receive exactly one review per session-aligned week (Weeks 1–4) and introduces fairness issues, upgrade blockages, and protocol inconsistencies.

Vulnerability Details

function giveReview(address _student, bool review) public onlyTeacher {

require(reviewCount[_student] < 4, "Max 4 reviews");

// Flawed relative timestamp check

require(

block.timestamp >= lastReviewTime[_student] + 1 weeks,

"Reviews can only be given once per week"

);

// ...

}

This check only ensures that at least one week has passed since the last review, not that the review falls into the correct session week.
A teacher could:
- Submit Week 1’s review on Day 2.
- Submit Week 2’s review on Day 9 (just one week later).
This misalignment shifts the review window forward or backward, breaking the 1:1 mapping between reviews and session weeks.

Exploit Scenarios

1. Early Review Submission

Session Start: January 1.
The teacher submits first review on January 2.
Second review allowed on January 9.
Result: Reviews are completed before Week 4 ends, but are misaligned with actual session weeks.

2. Delayed Review Submission

Teacher submits Week 3 review late, e.g., on January 25.
Week 4 review is now blocked until after January 31.
Result: Session ends with only 3 reviews, blocking the student's upgrade.

Recommended Fix

Replace the relative check with an absolute week check based on session start time:

function giveReview(address _student, bool review) public onlyTeacher {

require(isStudent[_student], "Student does not exist");

require(reviewCount[_student] < 4, "Max 4 reviews");

uint256 currentWeek = reviewCount[_student] + 1;

require(

block.timestamp >= sessionStart + currentWeek * 1 weeks,

"Cannot review for this week yet"

);

if (!review) {

studentScore[_student] -= 10;

}

reviewCount[_student]++;

emit ReviewGiven(_student, review, studentScore[_student]);

}

Fix Benefits

Enforces one review per absolute week, no overlap or shifting.
Prevents early stacking or missed reviews.
Maintains fairness and session integrity.
Prevents upgrade blocks due to misaligned reviews.

Recommendations

Fix review logic as above using sessionStart + N * 1 weeks.
Add tests for early and late review attempts.
Emit an event on review rejection due to timing to aid debugging.
Frontends and scripts should be updated to reflect the new review timing.

Conclusion

This logical bug fundamentally breaks the protocol's time-based structure and introduces real risks of upgrade failure, inconsistent scoring, and unfair progression. Aligning reviews with absolute session weeks is critical to upholding the protocol's integrity.

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.