Missing Review Count Increment in giveReview Function
Summary
The giveReview function in LevelOne.sol checks if reviewCount[_student] < 5 but never increments the reviewCount after giving a review. This means the review limit of 5 reviews per student is never enforced, allowing unlimited reviews to be given.
Vulnerability Details
In the giveReview function:
The function checks if the student has received less than 5 reviews, but never increments the counter after giving a review. This means:
The check
reviewCount[_student] < 5will always passTeachers can give unlimited reviews to any student
The intended review limit of 5 reviews per student is not enforced
Impact
Allows unlimited reviews to be given to any student
Bypasses the intended review limit of 5 reviews per student
Could lead to score manipulation through unlimited reviews
Affects the integrity of the student evaluation system
Could allow teachers to artificially inflate or deflate student scores
Tools Used
Manual code review
Recommendations
Add the review count increment after giving a review:
This will properly enforce the review limit by:
Checking if the student has received less than 5 reviews
Incrementing the counter after each review
Preventing more than 5 reviews per student
Lead Judging Commences
reviewCount not updated
`reviewCount` for students is not updated after each review session
reviewCount not updated
`reviewCount` for students is not updated after each review session
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.