Hawk High

First Flight #39
Beginner Friendly | Solidity
100 EXP
Submission Details
Severity: high
Valid

`cutOffScore` is set but never enforced in `graduateAndUpgrade`, allowing underperforming students to graduate

Description:
The cutOffScore variable is intended to be the minimum score a student needs to be eligible for graduation. It is set correctly when the principal starts the session, but it is never read again: the upgrade logic in graduateAndUpgrade neither compares any student's studentScore against it nor removes students who fall below it.

As a result, students whose score has dropped below the threshold (e.g., after repeated bad reviews) are graduated and upgraded together with everyone else. This violates the intended grading policy and makes the performance tracking done through studentScore meaningless, since the score never influences the outcome.

Impact

  • Unqualified Students Graduate: Students with scores below cutOffScore can graduate and be upgraded.

  • Bypass of Academic Policy: Defeats the purpose of the review and scoring system meant to enforce academic performance.

  • Broken Trust and Logic: Undermines the integrity of the grading and upgrade system.

Proof of Concept

Assume cutOffScore is 60 and one student (harriet) ends the session with a score of 40 after bad reviews. The first test below has alice, a teacher, give harriet four bad reviews a week apart; the second has the principal call graduateAndUpgrade and shows that the call succeeds without ever comparing studentScore with cutOffScore.

// Helper: alice (a teacher) gives harriet four bad reviews, one per week,
// so that harriet's studentScore is driven below the cut-off.
function test_reviewCountIncreasingByAddingReviewsByTeacher() public schoolInSession {
    vm.warp(block.timestamp + 1 weeks);
    vm.prank(alice);
    levelOneProxy.giveReview(harriet, false);
    vm.warp(block.timestamp + 2 weeks);
    vm.prank(alice);
    levelOneProxy.giveReview(harriet, false);
    vm.warp(block.timestamp + 3 weeks);
    vm.prank(alice);
    levelOneProxy.giveReview(harriet, false);
    vm.warp(block.timestamp + 4 weeks);
    vm.prank(alice);
    levelOneProxy.giveReview(harriet, false);
}

// The principal graduates the whole session. The call does not revert and
// harriet is carried over into LevelTwo even though her score is below cutOffScore.
function test_confirm_can_graduate_without_checking_cutOffScore() public {
    test_reviewCountIncreasingByAddingReviewsByTeacher();
    levelTwoImplementation = new LevelTwo();
    levelTwoImplementationAddress = address(levelTwoImplementation);
    bytes memory data = abi.encodeCall(LevelTwo.graduate, ());
    vm.prank(principal);
    levelOneProxy.graduateAndUpgrade(levelTwoImplementationAddress, data);
    LevelTwo levelTwoProxy = LevelTwo(proxyAddress);
    // Sanity output: the session's funds and the full student list, harriet included,
    // have moved to the new implementation unfiltered.
    console2.log(levelTwoProxy.bursary());
    console2.log(levelTwoProxy.getTotalStudents());
}

Recommended Mitigation

Add a check in graduateAndUpgrade so that only students who have completed the session's reviews and scored at least cutOffScore proceed to the upgrade. The simplest form, shown below, reverts if any student fails the check. Note that this lets a single underperforming student block the upgrade for the whole school, so in practice the ineligible students should be expelled from the session before the upgrade rather than halting it.

uint256 noOfStudents = listOfStudents.length;
for (uint256 i = 0; i < noOfStudents; i++) {
    address student = listOfStudents[i];
    // every student must have received the full set of reviews for the session ...
    require(reviewCount[student] == 4, "Student must have 4 reviews");
    // ... and must have scored at least the cut-off fixed when the session started
    require(studentScore[student] >= cutOffScore, "Student did not meet cutOffScore");
}
// Alternatively, expel any student who fails these checks from the session
// instead of reverting, so that one underperformer cannot block the upgrade.
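A self-contained version of that gate, written here as an added example and not taken from the Hawk High code base: a hypothetical GraduationGate contract that models only the storage named in this finding (listOfStudents, isStudent, studentScore, reviewCount, cutOffScore), assumes that students start at 100 points, lose 10 per bad review and need four reviews per session, and expels failing students before the graduation step instead of reverting. The Foundry test beside it shows a 60-point student being expelled under a cut-off of 70 while a 90-point classmate graduates, and that a full-score student with only three reviews is not yet eligible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for the contest's LevelOne contract (assumption: this is
/// not the project's code). Only the storage the finding talks about is modelled;
/// the principal/teacher roles and the proxy upgrade itself are left out.
contract GraduationGate {
    uint256 public constant REQUIRED_REVIEWS = 4; // assumption: four reviews per session

    uint256 public cutOffScore;
    address[] public listOfStudents;
    mapping(address => bool) public isStudent;
    mapping(address => uint256) public studentScore;
    mapping(address => uint256) public reviewCount;

    event Expelled(address indexed student, uint256 score, uint256 reviews);
    event Graduated(address indexed student, uint256 score);

    function startSession(uint256 _cutOffScore) external {
        cutOffScore = _cutOffScore;
    }

    function enroll(address student) external {
        isStudent[student] = true;
        studentScore[student] = 100; // assumption: every student starts at 100 points
        listOfStudents.push(student);
    }

    /// A bad review (false) costs 10 points; the count is tracked so the gate can
    /// tell a student who was never reviewed from one who passed every review.
    function giveReview(address student, bool good) external {
        require(isStudent[student], "not a student");
        require(reviewCount[student] < REQUIRED_REVIEWS, "review count exceeded");
        if (!good) studentScore[student] -= 10;
        reviewCount[student]++;
    }

    /// The check the finding says is missing: all reviews in, score at or above the cut-off.
    function meetsCutOff(address student) public view returns (bool) {
        return reviewCount[student] == REQUIRED_REVIEWS && studentScore[student] >= cutOffScore;
    }

    /// Expel everyone below the cut-off before graduating, instead of reverting,
    /// so that a single failing student cannot block the whole upgrade.
    function graduate() external {
        // Walk backwards: after a swap-and-pop the element moved into slot i-1
        // has already been examined, so nothing is skipped.
        for (uint256 i = listOfStudents.length; i > 0; i--) {
            address student = listOfStudents[i - 1];
            if (meetsCutOff(student)) {
                emit Graduated(student, studentScore[student]);
                continue;
            }
            emit Expelled(student, studentScore[student], reviewCount[student]);
            isStudent[student] = false;
            listOfStudents[i - 1] = listOfStudents[listOfStudents.length - 1];
            listOfStudents.pop();
        }
    }

    function getTotalStudents() external view returns (uint256) {
        return listOfStudents.length;
    }
}

contract GraduationGateTest is Test {
    GraduationGate gate;
    address harriet = makeAddr("harriet"); // constructed test accounts
    address dan = makeAddr("dan");

    function setUp() public {
        gate = new GraduationGate();
        gate.enroll(harriet);
        gate.enroll(dan);
    }

    function test_underperformerIsExpelledBeforeGraduation() public {
        gate.startSession(70);
        // harriet: four bad reviews -> 100 - 40 = 60, below the cut-off
        for (uint256 i = 0; i < 4; i++) gate.giveReview(harriet, false);
        // dan: one bad and three good reviews -> 90, above the cut-off
        gate.giveReview(dan, false);
        for (uint256 i = 0; i < 3; i++) gate.giveReview(dan, true);

        gate.graduate();

        assertEq(gate.getTotalStudents(), 1);
        assertTrue(gate.isStudent(dan));
        assertFalse(gate.isStudent(harriet));
    }

    function test_studentWithTooFewReviewsIsNotEligible() public {
        gate.startSession(50);
        for (uint256 i = 0; i < 3; i++) gate.giveReview(dan, true); // 100 points, only 3 reviews
        assertFalse(gate.meetsCutOff(dan));
    }
}
```

Drop the file under test/ of a Foundry project with forge-std installed and run forge test. The backward iteration is what makes the in-place removal safe: every element at an index above the one being examined has already passed the check, so swapping the last element into the current slot never hides an unexamined student.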
Updates

Lead Judging Commences

yeahchibyke Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.
