The `sessionEnd` variable is never validated within the contract, causing the `inSession` flag to remain permanently true. This breaks a key system invariant, as upgrades and transitions are conditioned on the session having ended. Without proper enforcement of `sessionEnd`, the contract remains stuck in an active session state, preventing expected progression and system upgrades.
The system relies on the invariant that `sessionEnd` must be reached for a contract upgrade to take place. However, the code fails to check if the current time has surpassed `sessionEnd`, meaning the `inSession` flag remains true indefinitely.
POC:
Add this test in LevelOneAndGraduateTest.t.sol
This creates a critical flaw:
Logic in the `LevelOne` contract that relies on session timing (e.g., graduation) will be locked in a perpetual session state.
Students will never graduate, and the `graduateAndUpgrade` function will fail because the system believes the session is still ongoing.
Teachers can still give reviews, despite the session being over.
Students can still enroll, even though enrollment should be closed.
Principals can still add/remove teachers, modifying session roles outside the valid timeframe.
Principals can expel students, even when the session is no longer active.
Principal can upgrade `LevelOne` to `LevelTwo`.
This breaks the invariant and expected lifecycle of the protocol and undermines its upgradeability and progression logic.
Foundry
Implement strict session time checks across all time-sensitive functions in the contract. Specifically:
Add a modifier on all the following functions:
giveReview()
enrollStudent()
addTeacher() / removeTeacher()
expel()
This ensures that changes can be made only during session time, preserving the logical integrity of the system and preventing misuse.
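One way to write the recommended modifier, as an added sketch that is not the audited `LevelOne` code: the contract name, the modifier and error names, `startSession`, and the simplified function signatures are assumptions, and only `sessionEnd`, `inSession`, `giveReview` and `graduateAndUpgrade` are names taken from this report. It goes one step beyond the listed functions by also gating `graduateAndUpgrade` on the session having ended and clearing `inSession` there.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch, not the audited LevelOne source. Bodies are reduced to the
// session gating; modifier/error names and signatures are assumptions.
contract SessionGateSketch {
    address public immutable principal;
    uint256 public sessionEnd;
    bool public inSession;
    mapping(address => uint256) public reviewCount;

    error NotPrincipal();
    error SessionNotActive();
    error SessionNotOver();

    constructor() { principal = msg.sender; }

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert NotPrincipal();
        _;
    }

    // Checking the flag alone never expires, so compare the clock too.
    modifier duringSession() {
        if (!inSession || block.timestamp > sessionEnd) revert SessionNotActive();
        _;
    }

    // Progression is allowed only once the clock has passed sessionEnd.
    modifier afterSession() {
        if (!inSession || block.timestamp <= sessionEnd) revert SessionNotOver();
        _;
    }

    function startSession(uint256 duration) external onlyPrincipal {
        sessionEnd = block.timestamp + duration;
        inSession = true;
    }

    function giveReview(address student) external duringSession {
        reviewCount[student] += 1; // teacher role check omitted in this sketch
    }

    function graduateAndUpgrade() external onlyPrincipal afterSession {
        inSession = false; // clear the flag; the upgrade call itself is omitted
    }
}
```

In a Foundry test, `vm.warp(sessionEnd + 1)` followed by a call to a `duringSession` function should revert with `SessionNotActive`, while `graduateAndUpgrade` should succeed only after that warp.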
`inSession` not updated after during upgrade