Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: medium
Likelihood: medium
Invalid

Wrong require condition in `giveReview` in contract `levelOne.sol`

shubu2581

Summary

As per the docs , if the review of any student is less then 4 , then the session will not upgrade . But in giveReview we have a require condition which allows the review count only less then 5 not equal to 5 . So , it will always prevent the contract to upgrade .

Vulnerability Details

As per the docs , if the review of any student is less then 4 , then the session will not upgrade . But in giveReview we have a require condition which allows the review count only less then 5 not equal to 5 . So , it will always prevent the contract to upgrade .

https://github.com/CodeHawks-Contests/2025-05-hawk-high/blob/3a7251910c31739505a8699c7a0fc1b7de2c30b5/src/LevelOne.sol#L281

require(reviewCount[_student] < 5, "Student review count exceeded!!!");
function giveReview(address _student, bool review) public onlyTeacher {
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
require(reviewCount[_student] < 5, "Student review count exceeded!!!");
require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
if (!review) {
studentScore[_student] -= 10;
}
// Update last review time
lastReviewTime[_student] = block.timestamp;
emit ReviewGiven(_student, review, studentScore[_student]);
}

Impact

This will prevent system to upgrade by not allowing teachers to give reviewCount > 5 to students .

Tools Used

manual review

Recommendations

Correct the conditions for review count

require(reviewCount[_student] <= 5, "Student review count exceeded!!!");
Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.