Hawk High

Summary

The graduate function in the new implementation contract is missing a crucial check for the cut-off score, which is supposed to ensure that only students who meet the required performance standards are eligible for an upgrade. This oversight in the function's design allows students to be upgraded regardless of their performance, violating the system's core invariant that only students who meet the cut-off score should be promoted. This missing functionality could lead to students advancing without meeting the necessary qualifications, causing unfair distributions and potentially undermining the integrity of the system.

Vulnerability Details

The graduate function in the Level Two contract is intended to handle student upgrades at the end of a session. However, the function lacks the necessary logic to verify if a student meets the required cut-off score before proceeding with the upgrade. This missing check could allow students who don't meet the performance criteria to be upgraded, violating the intended rules of the system.

Additionally, the new implementation of the graduate function in the contract does not contain the necessary functionality to validate whether students meet the required cut-off score before being upgraded, which is critical to ensuring fairness in the upgrade process.

Impact

Students who have not met the minimum performance criteria could be upgraded, undermining the system's fairness and effectiveness. This could result in students advancing without demonstrating sufficient competency.

Tools Used

Manual Review

Recommendations

Modify the graduate function in the LevelTwo.sol to include a condition that checks whether a student has met or exceeded the cut-off score before allowing the upgrade process to the level two. This check should be based on the student's score or any relevant metric defined in the system.