Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: high
Invalid

Missing Positive Review Impact on Student Score

igorwarkocz

Summary

The giveReview function in LevelOne.sol only handles negative reviews by decreasing student scores, but fails to reward students for positive reviews, creating an unbalanced evaluation system.

Vulnerability Details

function giveReview(address _student, bool review) public onlyTeacher {
if (!isStudent[_student]) {
revert HH__StudentDoesNotExist();
}
require(reviewCount[_student] < 5, "Student review count exceeded!!!");
require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
// where `false` is a bad review and true is a good review
// Only handles negative reviews!
if (!review) {
studentScore[_student] -= 10;
}
// Update last review time
lastReviewTime[_student] = block.timestamp;
emit ReviewGiven(_student, review, studentScore[_student]);
}

  • Only negative reviews (false) affect student scores: studentScore[_student] -= 10

  • Positive reviews (true) have no impact on student scores

  • This creates a one-sided scoring system that only punishes

Impact

Low: This vulnerability:

  • Creates an unfair evaluation system

  • Only penalizes students without rewards

  • May demotivate students from performing well

  • Makes the review system less effective

Tools Used

Manual code review

Recommendations

Add positive score impact for good reviews:

if (review) {
studentScore[_student] += 10;
} else {
studentScore[_student] -= 10;
}
Updates

Lead Judging Commences

yeahchibyke Lead Judge 27 days ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.