Hawk High

First Flight #39
Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

Students Graduate Without Meeting Cutoff Score Requirement

Summary

The graduateAndUpgrade function does not verify that students meet the required cutOffScore before upgrading, allowing failing students to graduate.

Vulnerability Details

Root Cause: The graduation function doesn't validate student scores against cutOffScore:

function graduateAndUpgrade(address _levelTwo, bytes memory data) public onlyPrincipal {
    // ...existing code...
    // Missing check for student scores against cutOffScore
    _authorizeUpgrade(_levelTwo);
    // ...existing code...
}

Initial State:

  • Session active

  • cutOffScore set

  • Students with scores below cutoff

  • Ready for graduation

Attack Flow:

  1. Students receive negative reviews, dropping below cutOffScore

  2. Principal calls graduateAndUpgrade

  3. All students graduate regardless of score

  4. Violates core requirement that failing students shouldn't graduate

Impact

  • Failing students can graduate

  • Compromises academic standards

  • Violates core invariant

  • Affects school's educational integrity

Tools Used

Manual review

Recommendations

Add cutoff score validation to graduateAndUpgrade so that only students who meet the cutOffScore requirement graduate.
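A self-contained sketch of the missing check, added here as an illustration and not taken from the audited contract. It models only the graduation filter and leaves out the upgrade step; the contract name, the storage layout (students, studentScore, graduated) and the enroll, setScore, graduateUnchecked and graduateChecked functions are assumptions, and only cutOffScore and onlyPrincipal come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: simplified stand-in for the graduation logic.
// All names except cutOffScore and onlyPrincipal are hypothetical.
contract CutoffSketch {
    address public immutable principal;
    uint256 public immutable cutOffScore;
    address[] public students;                        // assumed storage layout
    mapping(address => uint256) public studentScore;  // assumed storage layout
    mapping(address => bool) public graduated;

    modifier onlyPrincipal() {
        require(msg.sender == principal, "not principal");
        _;
    }

    constructor(uint256 _cutOffScore) {
        principal = msg.sender;
        cutOffScore = _cutOffScore;
    }

    // Helpers so the sketch can be exercised on its own.
    function enroll(address student) external onlyPrincipal {
        students.push(student);
    }

    function setScore(address student, uint256 score) external onlyPrincipal {
        studentScore[student] = score;
    }

    // Behaviour described in the finding: every student graduates,
    // because no score is compared against cutOffScore.
    function graduateUnchecked() external onlyPrincipal {
        for (uint256 i = 0; i < students.length; i++) {
            graduated[students[i]] = true;
        }
    }

    // With the recommended validation: a student whose score is below
    // cutOffScore is skipped and stays ungraduated.
    function graduateChecked() external onlyPrincipal {
        for (uint256 i = 0; i < students.length; i++) {
            address s = students[i];
            if (studentScore[s] >= cutOffScore) graduated[s] = true;
        }
    }
}
```

With cutOffScore set to 70, a student at 60 ends up graduated after graduateUnchecked but not after graduateChecked, which is the property a regression test for the fix should assert.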

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.
