Submission Details
Impact:
Likelihood:
Missing Check for `schoolFees` in `enroll` function
Summary
Missing check for required schoolFees in `enroll function . User can deposit very small amount and let itself enrolled in session .
Vulnerability Details
Missing check for required schoolFees in `enroll function . User can deposit very small amount and let itself enrolled in session .
function enroll() external notYetInSession {
if (isTeacher[msg.sender] || msg.sender == principal) {
revert HH__NotAllowed();
}
if (isStudent[msg.sender]) {
revert HH__StudentExists();
}
usdc.safeTransferFrom(msg.sender, address(this), schoolFees);
listOfStudents.push(msg.sender);
isStudent[msg.sender] = true;
studentScore[msg.sender] = 100;
bursary += schoolFees; // q we havent taken the input of school fees and not checked for it
emit Enrolled(msg.sender);
}
Impact
User can enroll in the sessrion by paying a very little fees .
Tools Used
manual review
Recommendations
Add the check for schoolFees
function enroll(uint256 _schoolFees) external notYetInSession {
if (isTeacher[msg.sender] || msg.sender == principal) {
revert HH__NotAllowed();
}
if (isStudent[msg.sender]) {
revert HH__StudentExists();
}
if (_schoolFees != schoolFees) {
revert HH__HawkHighFeesNotPaid();
}
usdc.safeTransferFrom(msg.sender, address(this), _schoolFees);
listOfStudents.push(msg.sender);
isStudent[msg.sender] = true;
studentScore[msg.sender] = 100;
bursary += _schoolFees;
emit Enrolled(msg.sender);
}
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.