Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

Teacher Can Bypass the Review Limit and Compromise System Integrity

Summary

The giveReview function is intended to cap how many reviews a teacher can give a single student (the submission's stated intent is four, one per week across the four-week session; the check as written admits five). The cap never binds because reviewCount[_student] is never incremented after a review is submitted, so a teacher can keep reviewing the same student week after week for as long as the session lasts.

Vulnerability Details

The giveReview function is designed to let a teacher submit one review per student per week, with a bounded total over the four-week session. The total is meant to be enforced by the following line in giveReview:

    require(reviewCount[_student] < 5, "Student review count exceeded!!!");

Note that `< 5` permits five reviews, not four; whether that constant matches the intended cap is a separate question from the bug described here.

The implementation never increments reviewCount[_student] after a review is recorded. The mapping therefore stays at its default value of zero for every student, the require can never fail, and the only remaining guard is the once-per-week timing check on lastReviewTime. A teacher can bypass the review limit and keep reviewing the same student every week. This breaks the fairness and integrity of the evaluation system.

POC

The following Foundry test lets a teacher (alice) give ten negative reviews to one student (harriet), well past the intended cap. Every call is accepted and the student's score is driven from 100 down to 0, ten points per review; the loop stops at ten only because the score reaches zero.

    function test_fake_give_review() public schoolInSession {
        uint256 score = 100; // harriet's starting score in the test setup
        for (uint256 i = 0; i < 10; i++) {
            score = score - 10; // each negative review costs 10 points
            console2.log("Loop ", i);
            vm.warp(block.timestamp + 1 weeks); // satisfy the once-per-week check
            vm.prank(alice); // alice is a teacher
            levelOneProxy.giveReview(harriet, false); // negative review
            // Still accepted past the cap: reviewCount never moves off zero
            assert(levelOneProxy.studentScore(harriet) == score);
            console2.log("Current Score: ", score);
        }
    }

Impact

Teachers can exceed the intended per-student review limit and keep lowering a student's score ten points per week for the whole session. Students can be wrongly penalized (or, relative to their peers, wrongly favoured), which breaks the fairness of the system and any downstream decision that depends on studentScore.

Tools Used

Manual Review

Recommendations

Increment reviewCount[_student] inside giveReview, after the checks pass, so that the require can actually fail once the cap is reached:

    function giveReview(address _student, bool review) public onlyTeacher {
        if (!isStudent[_student]) {
            revert HH__StudentDoesNotExist();
        }
        require(reviewCount[_student] < 5, "Student review count exceeded!!!");
        require(block.timestamp >= lastReviewTime[_student] + reviewTime, "Reviews can only be given once per week");
        if (!review) {
            studentScore[_student] -= 10;
        }
        lastReviewTime[_student] = block.timestamp;
        // Add this line: record the review so the cap above binds
        reviewCount[_student]++;
        emit ReviewGiven(_student, review, studentScore[_student]);
    }
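As an added regression test for the fix (example code, not part of the original submission), the following Foundry test assumes the same harness names as the POC above (levelOneProxy, teacher alice, student harriet, the schoolInSession modifier, a test contract inheriting forge-std's Test, and a starting score of 100) and checks that, once reviewCount is incremented, the fifth review is still accepted and the sixth reverts with the require message.

```solidity
// Added regression test; assumes the POC's harness (levelOneProxy, alice,
// harriet, schoolInSession) and that this contract inherits forge-std's Test.
function test_review_cap_enforced_after_fix() public schoolInSession {
    // Five negative reviews, one per week, pass the `< 5` check once the
    // counter is incremented on every call.
    for (uint256 i = 0; i < 5; i++) {
        vm.warp(block.timestamp + 1 weeks); // clear the once-per-week check
        vm.prank(alice);                    // alice is a teacher
        levelOneProxy.giveReview(harriet, false);
    }
    // Five negative reviews at 10 points each: 100 -> 50 (assumed start of 100).
    assertEq(levelOneProxy.studentScore(harriet), 50);

    // The sixth attempt, even after another full week, must now revert on the
    // review-count check rather than the timing check.
    vm.warp(block.timestamp + 1 weeks);
    vm.prank(alice);
    vm.expectRevert(bytes("Student review count exceeded!!!"));
    levelOneProxy.giveReview(harriet, false);

    // Score is unchanged by the rejected call.
    assertEq(levelOneProxy.studentScore(harriet), 50);
}
```

Run it against the unpatched contract first: the sixth call succeeds and the expectRevert fails, which confirms the test actually exercises the missing increment rather than the timing guard.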

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

reviewCount not updated

`reviewCount` for students is not updated after each review session
