The graduateAndUpgrade function allows system upgrades without verifying that all students have received their required 4 reviews, violating a core protocol invariant.
Root Cause: The upgrade function lacks validation that all students have received their complete set of reviews.
Initial State:
School in session
Multiple students enrolled
Teachers giving reviews
Attack Flow:
Some students receive fewer than 4 reviews
Principal calls graduateAndUpgrade
System upgrades despite incomplete reviews
Students lose opportunity for remaining reviews
Students graduate without complete evaluation
Breaks core educational requirement
Compromises assessment integrity
Violates protocol invariant: "Students must have gotten all reviews before system upgrade"
Tools Used: Manual review
Add review completion check:
function graduateAndUpgrade(address _levelTwo, bytes memory data) public onlyPrincipal {
    // ...existing code...
}
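One way to implement the review completion check, as an added sketch that is not the audited contract's code. Only the `graduateAndUpgrade` signature and the 4-review requirement come from the finding; the contract name, storage variables, errors, and the `addTeacher`/`enroll`/`giveReview` helpers are assumptions, and the gate uses a running counter instead of a loop over the student list.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch, not the audited contract. Storage names, errors and the
// addTeacher/enroll/giveReview helpers are assumptions; only the 4-review rule
// and the graduateAndUpgrade signature come from the finding.
contract ReviewGateSketch {
    uint256 public constant REQUIRED_REVIEWS = 4;
    address public immutable principal;
    address public levelTwo;       // recorded once the gate passes
    uint256 public enrolled;       // number of enrolled students
    uint256 public fullyReviewed;  // students holding all required reviews
    mapping(address => bool) public isStudent;
    mapping(address => bool) public isTeacher;
    mapping(address => uint256) public reviewCount;

    error NotAuthorized();
    error BadStudent(address student);
    error ReviewsIncomplete(uint256 complete, uint256 total);

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert NotAuthorized();
        _;
    }

    constructor() { principal = msg.sender; }

    function addTeacher(address teacher) external onlyPrincipal { isTeacher[teacher] = true; }

    function enroll(address student) external onlyPrincipal {
        if (isStudent[student]) revert BadStudent(student);
        isStudent[student] = true;
        enrolled++;
    }

    function giveReview(address student) external {
        if (!isTeacher[msg.sender]) revert NotAuthorized();
        // Reject unknown students and a fifth review, so the counter stays exact.
        if (!isStudent[student] || reviewCount[student] == REQUIRED_REVIEWS) revert BadStudent(student);
        if (++reviewCount[student] == REQUIRED_REVIEWS) fullyReviewed++;
    }

    function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
        // Invariant gate: every enrolled student must hold all required reviews.
        // The O(1) counter comparison avoids an unbounded loop over the student list.
        if (fullyReviewed != enrolled) revert ReviewsIncomplete(fullyReviewed, enrolled);
        levelTwo = _levelTwo; // stand-in for the page's "...existing code..." upgrade logic
    }
}
```

With this gate, a call made while any enrolled student has fewer than 4 reviews reverts with `ReviewsIncomplete` and leaves the upgrade target unset.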
All students are graduated when the graduation function is called because the cut-off criterion is not applied.