After the smart contract has been upgraded to level two, the graduate() function in level two has no access control on who can call it, so anyone can call the function and graduate the whole class.
function graduate() public reinitializer(2) {}
Vulnerability Details
This access control vulnerability may allow anyone in the Hawk School to call the graduate() function and graduate the school, and may even lead to loss of funds in the bursary, since the caller may not be the principal.
Tools Used: Visual Studio Code
Recommendations: access control should be introduced in the level two smart contract, as in the level one smart contract, so that the graduate() function can only be called by the school's principal ...
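One way to apply this recommendation, shown as an added example that is not the project's own code. The contract name `LevelTwoHardened`, the `principal` storage variable, the `onlyPrincipal` modifier and the `NotPrincipal` error are assumptions; only `graduate()` and `reinitializer(2)` come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

// Added example: hypothetical hardened level-two implementation.
contract LevelTwoHardened is Initializable {
    // Assumption: the level-one contract keeps the principal's address in its
    // first storage slot. An upgraded implementation behind a proxy must
    // declare state in the same order so it reads the same value.
    address private principal;

    // Hypothetical error, named for this example only.
    error NotPrincipal(address caller);

    // Hypothetical modifier mirroring the level-one style of caller check.
    modifier onlyPrincipal() {
        if (msg.sender != principal) revert NotPrincipal(msg.sender);
        _;
    }

    // Before (as reported): function graduate() public reinitializer(2) {}
    // After: modifiers run left to right, so the caller check is evaluated
    // before the reinitializer version guard is consumed.
    function graduate() public onlyPrincipal reinitializer(2) {}
}
```

A test for the fix should call graduate() through the proxy from a non-principal address and expect a revert, then call it as the principal and expect success.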