Hawk High

First Flight #39
Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

Breaking invariant - Any student who doesn't meet the `cutOffScore` should not be upgraded

Summary

The issue is in `LevelOne.sol`, in the function `graduateAndUpgrade()`.

It is possible to upgrade students whose score is below the `cutOffScore`.

Vulnerability Details

In `graduateAndUpgrade()`, there is no check that a student passes the `cutOffScore`:

```solidity
function graduateAndUpgrade(
    address _levelTwo,
    bytes memory
) public onlyPrincipal {
    if (_levelTwo == address(0)) {
        revert HH__ZeroAddress();
    }
    uint256 totalTeachers = listOfTeachers.length;
    uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
    _authorizeUpgrade(_levelTwo);
    for (uint256 n = 0; n < totalTeachers; n++) {
        usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
    }
    usdc.safeTransfer(principal, principalPay);
}
```

Impact

A failed student can still be upgraded.


Tools Used

Manual review


Recommendations

Consider adding checks in the `LevelTwo.sol` `graduate()` function to make sure a student below the `cutOffScore` cannot be upgraded:

```solidity
function graduate() external {
    // Collect only the students whose score meets the cut-off.
    address[] memory passing = new address[](listOfStudents.length);
    uint count;
    for (uint i = 0; i < listOfStudents.length; i++) {
        address stu = listOfStudents[i];
        if (studentScore[stu] >= cutOffScore) {
            passing[count++] = stu;
        }
    }
    // make sure count > 0
}
```

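
A self-contained sketch of the cut-off filter recommended above, added here as an illustration and not taken from the Hawk High code base or the submission. It removes failing students in place so that only passing students remain before an upgrade is authorized. The contract name `CutOffFilterSketch`, the `isStudent` mapping, the `enroll` helper, the `HH__NoPassingStudents` error and the body of the `onlyPrincipal` modifier are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
/// Added illustration only; not the Hawk High contracts.
contract CutOffFilterSketch {
    error HH__NoPassingStudents(); // hypothetical error name

    address public principal;
    uint256 public cutOffScore;
    address[] public listOfStudents;
    mapping(address => uint256) public studentScore;
    mapping(address => bool) public isStudent; // assumed membership flag

    // Stand-in for the project's onlyPrincipal modifier (body assumed).
    modifier onlyPrincipal() {
        require(msg.sender == principal, "not principal");
        _;
    }

    constructor(uint256 _cutOffScore) {
        principal = msg.sender;
        cutOffScore = _cutOffScore;
    }

    // Hypothetical helper so the sketch can be exercised on its own.
    function enroll(address stu, uint256 score) external onlyPrincipal {
        require(!isStudent[stu], "already enrolled");
        isStudent[stu] = true;
        studentScore[stu] = score;
        listOfStudents.push(stu);
    }

    /// Drops every student below cutOffScore; returns how many remain.
    function removeFailingStudents() external onlyPrincipal returns (uint256 remaining) {
        uint256 i = 0;
        while (i < listOfStudents.length) {
            address stu = listOfStudents[i];
            if (studentScore[stu] >= cutOffScore) {
                i++; // passing student stays; move to the next slot
                continue;
            }
            // Swap-and-pop; i is not advanced because the swapped-in entry is unchecked.
            listOfStudents[i] = listOfStudents[listOfStudents.length - 1];
            listOfStudents.pop();
            isStudent[stu] = false;
            delete studentScore[stu];
        }
        remaining = listOfStudents.length;
        if (remaining == 0) revert HH__NoPassingStudents(); // the "count > 0" check
    }
}
```

Because the final check reverts the whole call, a cohort in which nobody passes leaves the student list unchanged and blocks any upgrade step that depends on this function succeeding.
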
Updates

Lead Judging Commences

yeahchibyke Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.
