Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: medium

Invalid

L-06: Missing Validity Check for `_cutOffScore` in `startSession`

albert

Summary

The startSession function accepts a _cutOffScore parameter but performs no validation on it. The principal can set an unreasonably high _cutOffScore (e.g., greater than 100, the initial student score) making graduation impossible, or a very low score (e.g., 0) making graduation trivial.

Vulnerability Details

In LevelOne.sol#startSession:

function startSession(uint256 _cutOffScore) public onlyPrincipal notYetInSession {

sessionEnd = block.timestamp + 4 weeks;

inSession = true;

cutOffScore = _cutOffScore; // No validation on _cutOffScore

emit SchoolInSession(block.timestamp, sessionEnd);

}

Students start with a score of 100, and bad reviews decrease it. Good reviews do not increase it. If _cutOffScore is set to, for example, 101, no student can ever graduate. If set to 0, almost any student (unless they get many bad reviews to reach exactly 0 and the comparison is >=) might graduate.

Impact

Unfair or Impossible Graduation Conditions: The principal can unilaterally set graduation criteria that are either impossible to meet or trivially easy, undermining the fairness and intended functionality of the school system.
Violation of Implicit Fairness: While the principal has control, an implicit expectation of a reasonable system usually exists. Allowing extreme, unvalidated values for cutOffScore can violate this.

Tools Used

Manual Review, Logical Analysis.

Recommendations

Add a require statement in startSession to ensure _cutOffScore is within a reasonable range. For instance, it should be greater than 0 and less than or equal to the maximum possible score (which is 100 in this system, as scores only decrease).

Code Modification for LevelOne.sol::startSession:

// src/LevelOne.sol

// ... (other parts of the contract) ...

function startSession(uint256 _cutOffScore) public onlyPrincipal notYetInSession {

// --- START OF MODIFICATION FOR L-06 ---

require(_cutOffScore > 0 && _cutOffScore <= 100, "HH__InvalidCutoffScore");

// Assuming student scores start at 100 and only decrease.

// Adjust the upper bound if scores can increase or start differently.

// --- END OF MODIFICATION FOR L-06 ---

sessionEnd = block.timestamp + 4 weeks;

inSession = true;

cutOffScore = _cutOffScore;

emit SchoolInSession(block.timestamp, sessionEnd);

}

// ... (other parts of the contract) ...

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.