Submission Details
Severity:
The system does not record which students meet the `cutOffScore` before the upgrade
Description:
According to the documentation, only students with a score equal to or above the cutOffScore should be promoted. However, LevelOne does not explicitly store which students meet this criterion before the upgrade, and LevelTwo cannot determine this.
Impact:
All students are considered promoted, regardless of their performance.
The expected functional invariant is broken.
It may affect subsequent functionalities or trust in the educational system.
Recommende Mitigation:
+ mapping(address => bool) public studentPromoted;
+ function _promoteEligibleStudents() internal {
+ uint256 total = listOfStudents.length;
+ for (uint256 i = 0; i < total; i++) {
+ address student = listOfStudents[i];
+ if (studentScore[student] >= cutOffScore) {
+ studentPromoted[student] = true;
+ emit Graduated(student);
+ }
+ }
+ }
Updates
Lead Judging Commences
yeahchibyke 4 months ago
Submission Judgement Published Assigned finding tags:
cut-off criteria not applied
All students are graduated when the graduation function is called as the cut-off criteria is not applied.
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.