Missing Review Count Increment
Summary
The giveReview function in LevelOne doesn't increment the review count, making it impossible to track if students have received all required reviews before upgrading to LevelTwo.
Vulnerability Details
While the giveReview function checks that a student hasn't exceeded the maximum number of reviews, it never increments the count:
According to the system requirements, "Students must have gotten all reviews before system upgrade. System upgrade should not occur if any student has not gotten 4 reviews." However, the system has no way to verify this requirement due to the missing increment.
Impact
The failure to track review counts has significant impacts:
The system cannot enforce the requirement that all students receive the required number of reviews
Upgrades may occur prematurely, violating a core system invariant
Students may be unfairly evaluated due to missing reviews
The graduation process cannot validate that proper academic evaluations were completed
Tools Used
manual review
Recommendations
Add the missing review count increment to the giveReview function
Lead Judging Commences
reviewCount not updated
`reviewCount` for students is not updated after each review session
reviewCount not updated
`reviewCount` for students is not updated after each review session
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.