Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Student can still graduate even though he did not meet the cutOffScore

0xkujen

Summary

One of our invariants is that students must meet a pre-defined cutOff score to be eligible to graduate, however that is not being checked.

Vulnerability Details

If we set a cutOff score of 70, then give the student 4 negative reviews in 4 weeks, they will get a score of 60 which shouldn't allow them to graduate. However, they are able still to do that:

Proof of Concept:

function testStudentCanStillGraduateEvenWhenTheyDidntMeetTheCutoffScore() public {

_studentsEnrolled();

_teachersAdded();

levelTwoImplementation = new LevelTwo();

levelTwoImplementationAddress = address(levelTwoImplementation);

bytes memory data = abi.encodeCall(LevelTwo.graduate, ());

vm.prank(principal);

levelOneProxy.startSession(70);

vm.startPrank(alice);

vm.warp(0);

// give the student 4 negative reviews so he drops under the 70 cutOffScore

vm.warp(block.timestamp + 1 weeks);

levelOneProxy.giveReview(dan, false);

vm.warp(block.timestamp + 1 weeks);

levelOneProxy.giveReview(dan, false);

vm.warp(block.timestamp + 1 weeks);

levelOneProxy.giveReview(dan, false);

vm.warp(block.timestamp + 1 weeks);

levelOneProxy.giveReview(dan, false);

vm.stopPrank();

vm.prank(principal);

levelOneProxy.graduateAndUpgrade(levelTwoImplementationAddress, data);

LevelTwo levelTwoProxy = LevelTwo(proxyAddress);

address[] memory students = levelTwoProxy.getListOfStudents();

for (uint256 i = 0; i < students.length; i++) {

console2.log("Student", i, students[i]);

}

assertEq(students[1], dan);//assure that our 2nd student dan is within the graduated students list

}

Impact

Students can illegally graduate even though their score doesnt go above the necessary cutOffScore.

Tools Used

Manual source code review.

Recommendations

Add a check that validates the student score is above the cutOffScore before executing the graduateAndUpgrade function.

Updates

Lead Judging Commences

yeahchibyke Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!