The `LevelOne::giveReview` function fails to increment the review count for a student after each review. As a result, students can receive unlimited reviews, and the system cannot correctly track progress toward graduation, which requires exactly 4 reviews. This breaks the intended upgrade logic.
In the current implementation of the `giveReview` function, the contract does not update the `reviewCount` for each student after a review is given. This creates a logic flaw where:
- Infinite Reviews Allowed: There is no limit or tracking, so a student can receive an unlimited number of reviews without the system being aware.
- Graduation Blocked: Graduation requires exactly 4 reviews, but since `reviewCount` is never incremented, the system believes the student has zero reviews, making graduation unreachable.
- Broken State Logic: This prevents the contract from progressing as intended, leading to a permanent stuck state for students.
POC
Add this code in LevelOneAndGraduateTest.t.sol
Add this code in LevelOne.sol
- Graduation Blocked: Students can never graduate since the system doesn’t recognize completed reviews.
- Infinite Reviews: A student may be reviewed an unlimited number of times, leading to redundant or malicious activity.
- System Stuck in Incomplete State: The upgrade or transition logic relying on review counts will fail, breaking the intended contract flow.
- Wasted Gas: Users may unknowingly spend gas on reviews that don’t progress the student’s status.
Foundry - Manual testing
Add the following line in `LevelOne::giveReview`, inside the `if` statement.
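
A minimal model of the flaw and its correction, added here as an illustration and not taken from `LevelOne.sol`. The contract name, the `good` flag, the score bookkeeping, the `require` cap and the position of the increment are assumptions; only `reviewCount`, `giveReview` and the four-review requirement come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration; not the LevelOne.sol source.
// Access control and review timing are omitted. Names other than
// reviewCount and giveReview are hypothetical.
contract ReviewCountModel {
    uint256 public constant REQUIRED_REVIEWS = 4; // "exactly 4 reviews" per the finding
    uint256 public constant BAD_REVIEW_PENALTY = 10; // assumed value

    mapping(address => uint256) public reviewCount;
    mapping(address => uint256) public studentScore;

    function enroll(address student) external {
        studentScore[student] = 100; // assumed starting score
    }

    // Flawed shape: the side effect is applied, the counter is never written.
    function giveReviewFlawed(address student, bool good) external {
        if (!good) {
            studentScore[student] = _penalize(studentScore[student]);
        }
        // reviewCount[student] is still 0 here, however often this runs.
    }

    // Corrected shape: cap the number of reviews and record each one.
    function giveReviewFixed(address student, bool good) external {
        require(reviewCount[student] < REQUIRED_REVIEWS, "review limit reached");
        if (!good) {
            studentScore[student] = _penalize(studentScore[student]);
        }
        reviewCount[student] += 1;
    }

    // Graduation gate as the finding describes it: exactly four reviews.
    function canGraduate(address student) external view returns (bool) {
        return reviewCount[student] == REQUIRED_REVIEWS;
    }

    // Saturating decrement so repeated bad reviews in the model do not revert.
    function _penalize(uint256 score) private pure returns (uint256) {
        return score > BAD_REVIEW_PENALTY ? score - BAD_REVIEW_PENALTY : 0;
    }
}
```

In this model, any number of calls to `giveReviewFlawed` leaves `canGraduate` false, while four calls to `giveReviewFixed` make it true and a fifth reverts.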
`reviewCount` for students is not updated after each review session