Hawk High

First Flight #39
Submission Details
Impact: medium
Likelihood: medium
Invalid

The `expel` function will run out of gas

Summary

Because the `enroll` function does not check `schoolFees`, an attacker can enroll from many accounts with a very small or zero amount. If the principal then tries to call the `expel` function, the loop will go through all of the data in storage, which can cost very high gas fees or cause the function to run out of gas.

Vulnerability Details


Because the `enroll` function does not check `schoolFees`, an attacker can enroll from many accounts with a very small or zero amount. If the principal then tries to call the `expel` function, the loop will go through all of the data in storage, which can cost very high gas fees or cause the function to run out of gas.

https://github.com/CodeHawks-Contests/2025-05-hawk-high/blob/3a7251910c31739505a8699c7a0fc1b7de2c30b5/src/LevelOne.sol#L243


```solidity
function expel(address _student) public onlyPrincipal {
    if (inSession == false) {
        revert();
    }
    if (_student == address(0)) {
        revert HH__ZeroAddress();
    }
    if (!isStudent[_student]) {
        revert HH__StudentDoesNotExist();
    }
    uint256 studentLength = listOfStudents.length;
    for (uint256 n = 0; n < studentLength; n++) {
        if (listOfStudents[n] == _student) {
            listOfStudents[n] = listOfStudents[studentLength - 1];
            listOfStudents.pop();
            break;
        }
    } // q update student data after expelling the particular student
    isStudent[_student] = false;
    emit Expelled(_student);
}
```

Impact

The loop in the function can cost very high gas fees or can eventually run out of gas.

Tools Used

Manual review

Recommendations
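
The loop in `expel` reads one array slot per iteration until it finds `_student`, so its gas cost grows with `listOfStudents.length`. As an added example (not part of this submission or of the Hawk High code base), the contract below keeps each student's array position in a mapping so that removal costs the same at any list size; `StudentRegistry`, `indexPlusOne`, the simplified `enroll` and the error names are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: constant-cost removal from an address list.
// All names except listOfStudents, isStudent, expel and Expelled are hypothetical.
contract StudentRegistry {
    address public immutable principal;
    address[] public listOfStudents;
    // 1-based position in listOfStudents; 0 means "not enrolled".
    mapping(address => uint256) private indexPlusOne;

    event Expelled(address indexed student);
    error NotPrincipal();
    error StudentDoesNotExist();
    error AlreadyEnrolled();

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert NotPrincipal();
        _;
    }

    constructor() { principal = msg.sender; }

    function isStudent(address who) public view returns (bool) {
        return indexPlusOne[who] != 0;
    }

    // Simplified enrolment: fee collection is outside the scope of this example.
    function enroll() external {
        if (isStudent(msg.sender)) revert AlreadyEnrolled();
        listOfStudents.push(msg.sender);
        indexPlusOne[msg.sender] = listOfStudents.length;
    }

    // Swap-and-pop using the stored position: no loop over the array.
    function expel(address _student) external onlyPrincipal {
        uint256 slot = indexPlusOne[_student];
        if (slot == 0) revert StudentDoesNotExist();
        uint256 lastIndex = listOfStudents.length - 1;
        address last = listOfStudents[lastIndex];
        if (last != _student) {
            listOfStudents[slot - 1] = last; // move the last entry into the freed slot
            indexPlusOne[last] = slot;       // keep the moved entry's position in sync
        }
        listOfStudents.pop();
        delete indexPlusOne[_student];
        emit Expelled(_student);
    }
}
```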

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
