The `giveReview` function fails to increment the `reviewCount` for students, allowing teachers to submit unlimited reviews despite the contract's requirement of a maximum of four reviews per student. Additionally, the system upgrade process does not enforce that all students have received exactly four reviews, violating core protocol rules.
`giveReview` function: The function does not increment the `reviewCount` after submitting a review.
`graduateAndUpgrade` function: Missing validation to ensure all students have exactly four reviews before upgrading.
In `giveReview`, `reviewCount[_student]` is checked (`require(reviewCount[_student] < 5)`) but never incremented. This allows bypassing the intended four-review limit.
The `graduateAndUpgrade` function does not verify if all students have received four reviews.
Unlimited Reviews: Students may receive more than four reviews, skewing scores and allowing unfair graduations.
Incomplete Reviews: Upgrades can proceed without all students completing four reviews, violating protocol rules and risking invalid state transitions.
`reviewCount` in `giveReview`: Clarify the maximum reviews by updating the check to `reviewCount[_student] < 4` if the intended limit is four (current logic allows five due to `< 5`).
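A sketch of both checks in hardened form, added here as an illustration and not taken from the audited contract. Only `giveReview`, `graduateAndUpgrade`, `reviewCount` and `_student` come from the finding; the `students` array, `enroll`, `MAX_REVIEWS` and the custom errors are assumptions, and access control (who may call each function) is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch, not the audited code. Names other than giveReview,
// graduateAndUpgrade, reviewCount and _student are hypothetical.
contract ReviewLimitSketch {
    uint256 public constant MAX_REVIEWS = 4; // limit stated in the finding

    address[] private students;                 // assumed enrolment list
    mapping(address => bool) public isStudent;  // assumed membership flag
    mapping(address => uint256) public reviewCount;
    bool public upgraded;

    error NotStudent(address who);
    error ReviewLimitReached(address student);
    error ReviewsIncomplete(address student, uint256 count);

    // Assumed helper so the sketch is self-contained.
    function enroll(address _student) external {
        require(!isStudent[_student], "already enrolled");
        isStudent[_student] = true;
        students.push(_student);
    }

    // Check against the limit AND record the review. Without the
    // increment the counter stays at 0 and the check always passes.
    function giveReview(address _student) external {
        if (!isStudent[_student]) revert NotStudent(_student);
        if (reviewCount[_student] >= MAX_REVIEWS) revert ReviewLimitReached(_student);
        reviewCount[_student] += 1;
    }

    // Refuse to upgrade until every student has exactly four reviews.
    function graduateAndUpgrade() external {
        for (uint256 i = 0; i < students.length; i++) {
            uint256 count = reviewCount[students[i]];
            if (count != MAX_REVIEWS) revert ReviewsIncomplete(students[i], count);
        }
        upgraded = true;
    }
}
```

Because the counter can never exceed `MAX_REVIEWS` once the increment is in place, the `!=` comparison in `graduateAndUpgrade` only ever fails for students with too few reviews.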
`reviewCount` for students is not updated after each review session