Hawk High

Summary

The giveReview function in LevelOne.sol only handles bad reviews by decreasing the student's score, but does not handle good reviews at all. This creates an imbalance in the review system where only negative reviews affect the student's score.

Vulnerability Details

In the giveReview function:

The function only decreases the score by 10 when a bad review is given (review is false), but does nothing when a good review is given (review is true). This means:

1. Bad reviews decrease score by 10

2. Good reviews have no effect on the score

3. The comment suggests both types of reviews should have an effect

Impact

• Students can only lose points, never gain them

• The review system is one-sided and unfair

• This could lead to all students eventually failing to meet the cutoff score

• Affects the core functionality of the school system

• Could prevent students from graduating even with good reviews

• Directly impacts the school's ability to properly evaluate and reward students

Tools Used

• Manual code review

• Foundry for testing

Recommendations

Add handling for good reviews by increasing the student's score when a good review is given:

This will create a balanced review system where:

1. Bad reviews decrease score by 10

2. Good reviews increase score by 10

3. Students have a chance to improve their scores through good reviews