Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

Review Count Increment in giveReview Function

Summary

The giveReview function in LevelOne.sol allows teachers to give reviews even after the session has ended. This is problematic because reviews should only be given during an active session.

Vulnerability Details

In the giveReview function:

function giveReview(address _student, bool review) public onlyTeacher {
    if (!isStudent[_student]) {
        revert HH__StudentDoesNotExist();
    }
    // No check that the session is still active (block.timestamp vs. sessionEnd)
    require(reviewCount[_student] < 5, "Student review count exceeded!!!");
    require(
        block.timestamp >= lastReviewTime[_student] + reviewTime,
        "Reviews can only be given once per week"
    );
    // `false` is a bad review, `true` is a good review
    if (!review) {
        studentScore[_student] -= 10;
    }
    // Update last review time
    lastReviewTime[_student] = block.timestamp;
    emit ReviewGiven(_student, review, studentScore[_student]);
}

The function checks:

  1. If the student exists

  2. If the student has received less than 5 reviews

  3. If enough time has passed since the last review

However, it does not check if the current session has ended. This means:

  1. Teachers can give reviews after the session end time

  2. Student scores can be modified outside of the active session period

  3. The session end time check that exists in other functions (like expel) is missing here

Impact

Impact: HIGH

  • Allows modification of student scores outside of the intended session period

  • Could lead to unfair score adjustments after the session has ended

  • Affects the integrity of the student evaluation system

  • Could allow teachers to manipulate scores after the session is over

  • May affect student graduation eligibility

Tools Used

  • Manual code review

Recommendations

Add a check to ensure reviews can only be given during an active session:

function giveReview(address _student, bool review) public onlyTeacher {
    if (!isStudent[_student]) {
        revert HH__StudentDoesNotExist();
    }
    // Added: reject reviews once the session has ended
    if (block.timestamp > sessionEnd) {
        revert HH__SessionEnded();
    }
    require(reviewCount[_student] < 5, "Student review count exceeded!!!");
    require(
        block.timestamp >= lastReviewTime[_student] + reviewTime,
        "Reviews can only be given once per week"
    );
    // `false` is a bad review, `true` is a good review
    if (!review) {
        studentScore[_student] -= 10;
    }
    // Update last review time
    lastReviewTime[_student] = block.timestamp;
    emit ReviewGiven(_student, review, studentScore[_student]);
}

This will ensure that:

  1. Reviews can only be given during an active session

  2. Student scores cannot be modified after the session ends

  3. The review system maintains its integrity throughout the session
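As an added example, not code from the Hawk High repository: a small Python model of the giveReview state discussed above, with a switch that turns on the recommended sessionEnd guard, so the late-review path and the fix can be exercised side by side. Identifiers mirror the Solidity snippet; the timestamps, scores, student names and the assumption that onlyTeacher has already passed are constructed for the example.

```python
WEEK = 7 * 24 * 60 * 60  # reviewTime in the contract is one week

class Reverted(Exception):
    """Stands in for a Solidity revert / failed require."""

class LevelOneModel:
    def __init__(self, session_end, review_time=WEEK, session_end_check=False):
        self.session_end = session_end              # sessionEnd
        self.review_time = review_time              # reviewTime
        self.session_end_check = session_end_check  # True = recommended fix applied
        self.is_student = {}
        self.review_count = {}
        self.last_review_time = {}
        self.student_score = {}

    def enroll(self, student, score=100):
        self.is_student[student] = True
        self.review_count[student] = 0
        self.last_review_time[student] = 0
        self.student_score[student] = score

    def give_review(self, student, review, now):
        """Mirrors giveReview; `now` plays the role of block.timestamp."""
        if not self.is_student.get(student, False):
            raise Reverted("HH__StudentDoesNotExist")
        # Guard from the recommendation; the original function has no such check.
        if self.session_end_check and now > self.session_end:
            raise Reverted("HH__SessionEnded")
        if self.review_count[student] >= 5:
            raise Reverted("Student review count exceeded!!!")
        if now < self.last_review_time[student] + self.review_time:
            raise Reverted("Reviews can only be given once per week")
        if not review:                 # false = bad review
            self.student_score[student] -= 10
        self.last_review_time[student] = now
        return self.student_score[student]

def score_after_late_review(session_end_check):
    """Bad review one day after sessionEnd: new score, or None if it reverted."""
    session_end = 4 * WEEK  # constructed session length
    model = LevelOneModel(session_end, session_end_check=session_end_check)
    model.enroll("alice")
    model.give_review("alice", True, now=WEEK)  # good review while in session
    try:
        return model.give_review("alice", False, now=session_end + 86400)
    except Reverted:
        return None
```

Without the guard the late bad review lands (100 becomes 90); with it the call reverts with HH__SessionEnded, matching the recommendation.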

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

session state not updated

`inSession` not updated after during upgrade
