Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Graduation Issues: No sessionEnd, cutOffScore, or student eval check

Summary

The graduateAndUpgrade function does not perform the following checks, each of which the docs require before a system upgrade:

  • sessionEnd

  • The number of reviews each student has received (4 required)

  • The final student score against the cutOffScore

Vulnerability Details

The docs require that the school's sessionEnd has been reached before a system upgrade can take place. graduateAndUpgrade never compares block.timestamp against sessionEnd, so the Principal can call it while the session is still in progress.

The docs also state that every student must have 4 reviews before a system upgrade. The function never reads any student's review count, so the Principal can upgrade the system while students have fewer than 4 reviews.

Finally, cutOffScore is never compared against any student's score, so students who did not make the cut still graduate to the next level.

```solidity
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
    if (_levelTwo == address(0)) {
        revert HH__ZeroAddress();
    }

    uint256 totalTeachers = listOfTeachers.length;

    uint256 totalTeacherPay = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 payPerTeacher = totalTeacherPay / totalTeachers;

    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;

    _authorizeUpgrade(_levelTwo);

    for (uint256 n = 0; n < totalTeachers; n++) {
        usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
        bursary -= payPerTeacher;
    }

    usdc.safeTransfer(principal, principalPay);
    bursary -= principalPay;
}
```

Impact

Students who did not make the cut graduate regardless of their score.

It's possible for an upgrade to take place without every student having received the 4 required reviews.

It's possible for the Principal to call graduateAndUpgrade before the session has ended.

Tools Used

Manual review

Recommendations

I recommend making the changes shown below. I've included the check for the session end and a requirement that each student has 4 or more reviews and

```solidity
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
    if (_levelTwo == address(0)) {
        revert HH__ZeroAddress();
    }

    // Verify session has ended
    require(block.timestamp >= sessionEnd, "Session is still in progress");

    // Check if all students have received required reviews and meet cutoff score
    for (uint256 i = 0; i < listOfStudents.length; i++) {
        address student = listOfStudents[i];
        require(reviewCount[student] == 4, "Not all students have received 4 reviews");
        require(studentScore[student] >= cutOffScore, "Not all students meet cutoff score");
    }

    uint256 totalTeachers = listOfTeachers.length;

    uint256 totalTeacherPay = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 payPerTeacher = totalTeacherPay / totalTeachers;

    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;

    _authorizeUpgrade(_levelTwo);

    for (uint256 n = 0; n < totalTeachers; n++) {
        usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
        bursary -= payPerTeacher;
    }

    usdc.safeTransfer(principal, principalPay);
    bursary -= principalPay;
}
```
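The three gates described above, with a Foundry test for each, as an added stand-alone example that is not part of the original submission or the Hawk High code base. The contract below is a minimal model, not LevelOne: the state names sessionEnd, cutOffScore, listOfStudents, reviewCount, studentScore and principal mirror the ones used in this finding, while addStudent, graduated, levelTwo, REQUIRED_REVIEWS and the custom errors are assumptions made here for the example. It also goes one step beyond the recommendation above: a student below cutOffScore is skipped rather than reverting the whole upgrade, so a single failing student cannot block graduation for everyone else.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Stand-alone model of the graduation gate (example code, NOT the Hawk High
/// LevelOne contract). Names shared with the finding: sessionEnd, cutOffScore,
/// listOfStudents, reviewCount, studentScore, principal. Everything else
/// (addStudent, graduated, levelTwo, the error types) is assumed for this example.
contract GraduationGate {
    uint256 public constant REQUIRED_REVIEWS = 4;

    address public principal;
    uint256 public sessionEnd;
    uint256 public cutOffScore;
    address[] public listOfStudents;
    mapping(address => uint256) public reviewCount;
    mapping(address => uint256) public studentScore;
    mapping(address => bool) public graduated;
    address public levelTwo;

    error NotPrincipal();
    error ZeroAddress();
    error SessionStillActive(uint256 sessionEnd, uint256 nowTs);
    error StudentNotFullyReviewed(address student, uint256 reviews);

    constructor(uint256 sessionLength, uint256 _cutOffScore) {
        principal = msg.sender;
        sessionEnd = block.timestamp + sessionLength;
        cutOffScore = _cutOffScore;
    }

    /// Test seam: seed a student's state directly. A real contract would build
    /// this up through enroll / giveReview; this shortcut is an assumption here.
    function addStudent(address student, uint256 reviews, uint256 score) external {
        listOfStudents.push(student);
        reviewCount[student] = reviews;
        studentScore[student] = score;
    }

    function graduateAndUpgrade(address _levelTwo) external {
        if (msg.sender != principal) revert NotPrincipal();
        if (_levelTwo == address(0)) revert ZeroAddress();

        // Gate 1: the session must be over before anything else happens.
        if (block.timestamp < sessionEnd) revert SessionStillActive(sessionEnd, block.timestamp);

        uint256 total = listOfStudents.length;
        for (uint256 i = 0; i < total; i++) {
            address s = listOfStudents[i];
            // Gate 2: every student needs all required reviews. This is a
            // precondition of the upgrade itself, so a shortfall reverts.
            if (reviewCount[s] < REQUIRED_REVIEWS) revert StudentNotFullyReviewed(s, reviewCount[s]);
            // Gate 3: the cut-off is applied per student. Falling below it does
            // not block the upgrade; that student simply does not graduate.
            if (studentScore[s] >= cutOffScore) graduated[s] = true;
        }

        // Teacher / principal payouts and _authorizeUpgrade would follow here.
        levelTwo = _levelTwo;
    }
}

contract GraduationGateTest is Test {
    GraduationGate gate;
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");
    address newImpl = makeAddr("levelTwo");

    function setUp() public {
        gate = new GraduationGate(4 weeks, 70); // this test contract is the principal
        gate.addStudent(alice, 4, 85);          // constructed: meets the cut-off
        gate.addStudent(bob, 4, 60);            // constructed: below the cut-off
    }

    function test_RevertsBeforeSessionEnd() public {
        uint256 end = gate.sessionEnd();
        vm.expectRevert(abi.encodeWithSelector(GraduationGate.SessionStillActive.selector, end, block.timestamp));
        gate.graduateAndUpgrade(newImpl);
    }

    function test_RevertsWhenAStudentLacksReviews() public {
        address carol = makeAddr("carol");
        gate.addStudent(carol, 3, 90); // constructed: high score, only 3 reviews
        vm.warp(gate.sessionEnd());
        vm.expectRevert(abi.encodeWithSelector(GraduationGate.StudentNotFullyReviewed.selector, carol, 3));
        gate.graduateAndUpgrade(newImpl);
    }

    function test_OnlyStudentsAtOrAboveCutOffGraduate() public {
        vm.warp(gate.sessionEnd());
        gate.graduateAndUpgrade(newImpl);
        assertEq(gate.levelTwo(), newImpl);
        assertTrue(gate.graduated(alice));
        assertFalse(gate.graduated(bob));
    }
}
```

Run with `forge test` inside any Foundry project that has forge-std installed. The first two tests pin down the failure modes from the Vulnerability Details (call before sessionEnd, upgrade with an under-reviewed student), and the third shows the difference from the require-based recommendation above: with `require(studentScore[student] >= cutOffScore, ...)` the third test would revert because of bob, whereas the docs' intent is that bob does not graduate while alice and the upgrade proceed.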
Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.
