Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: medium
Invalid

An Expelled Student Can Re-Enroll

Summary
The contract does not prevent expelled students from re-enrolling, allowing them to bypass the expulsion.

Vulnerability Details
Root Cause: The expel function removes a student from the listOfStudents and sets isStudent[_student] = false, but it does not track expelled students:

isStudent[_student] = false;

Initial State: A student is enrolled and later expelled.

Step 1: The principal expels the student using the expel function.

Step 2: The expelled student calls the enroll function again.

Outcome: The student is re-enrolled without any restrictions.

Implications: Expelled students can bypass the expulsion and rejoin the system, undermining the integrity of the expulsion process.

Impact
Who is affected: The school system and its credibility.

How they are affected: Expelled students can exploit the system by re-enrolling.

Tools Used
Manual review

Recommendations
Add a mapping to track expelled students and prevent them from re-enrolling:

mapping(address => bool) public isExpelled;

function enroll() external notYetInSession {
    require(!isExpelled[msg.sender], "Student is expelled");
    ...
}

function expel(address _student) public onlyPrincipal {
    ...
    isExpelled[_student] = true;
    emit Expelled(_student);
}
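
The recommendation above as a compilable minimal model, added here as an example; it is not the Hawk High contract's code. The contract name ExpulsionModel, the principal and inSession variables, startSession, the "Already enrolled" and "Not a student" checks, and the swap-and-pop list removal are assumptions made so the model stands alone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the Hawk High source. Only enroll, expel, isStudent,
// listOfStudents, isExpelled, Expelled, notYetInSession and onlyPrincipal come
// from the report; every other name and check is an assumption.
contract ExpulsionModel {
    address public principal;                    // assumed role holder
    bool public inSession;                       // assumed session flag
    address[] public listOfStudents;
    mapping(address => bool) public isStudent;
    mapping(address => bool) public isExpelled;  // the recommended tracking

    event Expelled(address indexed student);

    modifier onlyPrincipal() { require(msg.sender == principal, "Not principal"); _; }
    modifier notYetInSession() { require(!inSession, "Already in session"); _; }

    constructor() { principal = msg.sender; }

    function startSession() external onlyPrincipal { inSession = true; }

    function enroll() external notYetInSession {
        // Guard from the recommendation: an expelled address cannot come back.
        require(!isExpelled[msg.sender], "Student is expelled");
        require(!isStudent[msg.sender], "Already enrolled");
        isStudent[msg.sender] = true;
        listOfStudents.push(msg.sender);
    }

    function expel(address _student) public onlyPrincipal {
        require(isStudent[_student], "Not a student");
        // Swap-and-pop removal (assumed; list order is not preserved).
        uint256 n = listOfStudents.length;
        for (uint256 i = 0; i < n; i++) {
            if (listOfStudents[i] == _student) {
                listOfStudents[i] = listOfStudents[n - 1];
                listOfStudents.pop();
                break;
            }
        }
        isStudent[_student] = false;
        // Without this write, isStudent == false is the only record left and
        // enroll() cannot tell an expelled address from one never enrolled.
        isExpelled[_student] = true;
        emit Expelled(_student);
    }
}
```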

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
