Missing Graduation Logic for Eligible Students
Summary
The contract defines a cutOffScore variable and allows score manipulation via review and re-review processes. However, the contract lacks an implementation to automatically identify and graduate students who meet or exceed the cutOffScore.
Despite the presence of a Graduated(address levelTwo) event, the contract only allows manual graduation via _graduate(), which is never called in the context of students reaching the required score. This creates a logical gap where eligible students remain stuck in the student list even though they’ve met graduation criteria.
Vulnerability Details
No logic exists to evaluate or upgrade students based on their score.
Impact
eligible students remain stuck in the student list even though they’ve met graduation criteria.
Tools Used
manual review
Recommendations
Introduce a new public function graduateStudents(address _levelTwo) callable by the principal that:
Iterates through
listOfStudents.Checks
studentScore >= cutOffScore.
Lead Judging Commences
cut-off criteria not applied
All students are graduated when the graduation function is called as the cut-off criteria is not applied.
cut-off criteria not applied
All students are graduated when the graduation function is called as the cut-off criteria is not applied.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.