Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Mismatch In Storage Layout Of `LevelOne` And `LevelTwo`

azriel20005

Description:
The storage layout of the LevelTwo contract differs from LevelOne as the variables present are not exactly the same. There are many missing variables in LevelTwo that are present in LevelOne.

Impact:
Since the LevelTwo contract only defines functions to read variables, this makes the contract unusable as the values returned would be wrong, since the proxy would follow the layout of the LevelOne contract when it was first initialised.

Proof of Concept:
NA

Recommended Mitigation:
Change the layout of LevelTwo to exactly follow that of LevelOne

address principal;

bool inSession;

++ uint256 schoolFees;

uint256 public sessionEnd;

uint256 public bursary;

uint256 public cutOffScore;

mapping(address => bool) public isTeacher;

mapping(address => bool) public isStudent;

mapping(address => uint256) public studentScore;

++ mapping(address => uint256) public reviewCount;

++ mapping(address => uint256) private lastReviewTime;

address[] listOfStudents;

address[] listOfTeachers;

Updates

Lead Judging Commences

yeahchibyke Lead Judge 24 days ago

Submission Judgement Published

Validated

Assigned finding tags:

storage collision

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.