Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: medium
Invalid

No Fixed School Fees

Summary
The school fees are dynamically set during the initialization of the contract, and there is no fixed or enforced minimum/maximum value. This could lead to inconsistencies or unintended values being set.

Vulnerability Details
Root Cause: The initialize function allows the deployer to set any value for schoolFees without restrictions:

    schoolFees = _schoolFees;

Initial State: The contract is deployed, and the initialize function is called.

Step 1: The deployer sets an unintended or extremely low value for _schoolFees.

Outcome: Students can enroll by paying an arbitrary amount, which could lead to insufficient funds for teacher and principal payments.

Implications: The contract may not collect enough funds to sustain operations.

Impact
Who is affected: The school system, teachers, and principal.

How they are affected: Insufficient funds could lead to underpayment or non-payment of teachers and the principal.

Tools Used
Manual review

Recommendations
Enforce a minimum and maximum value for schoolFees during initialization:

    if (_schoolFees < MINIMUM_FEES || _schoolFees > MAXIMUM_FEES) {
        revert HH__InvalidSchoolFees();
    }
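The recommended check placed in a complete initializer, as an added example that is not the Hawk High contract's own code. The contract name `FeeBoundsExample`, the bound values, the `HH__AlreadyInitialized` error and the hand-rolled `initialized` flag are assumptions; `schoolFees`, `MINIMUM_FEES`, `MAXIMUM_FEES` and `HH__InvalidSchoolFees` are the names used in this submission.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only; not the Hawk High source.
contract FeeBoundsExample {
    // Assumed bounds in the fee token's smallest unit (constructed values).
    uint256 public constant MINIMUM_FEES = 1_000 * 10 ** 18;
    uint256 public constant MAXIMUM_FEES = 10_000 * 10 ** 18;

    error HH__InvalidSchoolFees();
    error HH__AlreadyInitialized(); // hypothetical name

    uint256 public schoolFees;

    // Stand-in for the initializer guard an upgradeable contract would
    // normally inherit; it keeps this example free of imports.
    bool private initialized;

    function initialize(uint256 _schoolFees) external {
        if (initialized) revert HH__AlreadyInitialized();

        // Validate before any state is written, so an out-of-range fee
        // reverts the whole call and leaves the contract uninitialized.
        if (_schoolFees < MINIMUM_FEES || _schoolFees > MAXIMUM_FEES) {
            revert HH__InvalidSchoolFees();
        }

        initialized = true;
        schoolFees = _schoolFees;
    }
}
```

Both bounds are inclusive: a fee equal to `MINIMUM_FEES` or `MAXIMUM_FEES` is accepted, and anything outside that range reverts with `HH__InvalidSchoolFees`.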

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
