The LevelOne::startSession function is missing input validation on the given _cutOffScore variable, impacting the graduation logic; it can be set so that everyone fails or everyone passes.
When a principal calls the LevelOne::startSession function, a _cutOffScore argument must be provided; it determines how students graduate to the next level.
When a student enrolls in Hawk High, they start with a score of 100. For each good review their score stays the same, while for each bad review it drops by 10.
The Code Issue
The startSession function performs no input validation on the argument it receives, meaning a Principal can set the _cutOffScore to either:
Very low: everyone will pass
Very high: no one will pass
The current cutOffScore logic does not relate to the students' starting score, so students are exposed to score abuse. A Principal can incorrectly set everyone to pass or fail regardless of the number of bad/good reviews.
The expected logic should include an input validation check that relates to the starting score for students.
Affected Code Area
Exploitation
A Principal sets the _cutOffScore to 40. Even if a student gets 4 bad reviews they will still be above the cut-off score and graduate to the next level. Conversely, if the Principal sets the _cutOffScore above 100, then no student will graduate.
The severity of this impact is Medium as it breaks the school logic and opens the door to further issues.
There is a logical breakage as the graduation logic becomes meaningless with a low score, i.e. everyone still passes regardless of bad reviews.
The Principal can abuse this by setting a high cutOffScore so that no one passes, again breaking the graduation logic.
Walkthrough
Principal calls startSession with a low cutOffScore, e.g. 10.
Each week the Teacher gives student X a bad review.
At the end of the session, student X has a score of 60. They are still above the cutOffScore and therefore are eligible to be upgraded to the next level.
In order to prevent abuse, unintentional or malicious, the contract should perform input validation on the _cutOffScore variable.
For example:
The minimum allowed input should be 70.
This allows a student with 3 bad reviews and 1 good review to pass; a student with 4 bad reviews fails.
The maximum input should be less than 100, e.g. 90.
This allows 2 good and 2 bad reviews to pass, while 3 bad reviews and 1 good review is a fail.
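The bounded check described above, as an added sketch that is not the Hawk High contract's own code: the contract name, the role and review functions, and the scoring constants are assumptions chosen to match the finding, and the 70/90 bounds are the ones recommended here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Hypothetical minimal sketch (not the Hawk High LevelOne contract) showing
/// the input validation that startSession should perform on _cutOffScore.
contract LevelOneSketch {
    uint256 public constant STARTING_SCORE = 100; // every student enrolls at 100
    uint256 public constant REVIEW_PENALTY = 10;  // each bad review costs 10 points
    uint256 public constant MIN_CUTOFF = 70;      // 3 bad reviews still pass, 4 fail
    uint256 public constant MAX_CUTOFF = 90;      // cut-off can never exceed the start score

    address public principal;
    uint256 public cutOffScore;
    bool public sessionActive;
    mapping(address => uint256) public studentScore;

    error CutOffOutOfRange(uint256 given, uint256 min, uint256 max);

    constructor() {
        principal = msg.sender;
    }

    modifier onlyPrincipal() {
        require(msg.sender == principal, "not principal");
        _;
    }

    // Hardened startSession: rejects a cut-off that would make graduation
    // trivial (below MIN_CUTOFF) or impossible (above MAX_CUTOFF).
    function startSession(uint256 _cutOffScore) external onlyPrincipal {
        if (_cutOffScore < MIN_CUTOFF || _cutOffScore > MAX_CUTOFF) {
            revert CutOffOutOfRange(_cutOffScore, MIN_CUTOFF, MAX_CUTOFF);
        }
        cutOffScore = _cutOffScore;
        sessionActive = true;
    }

    function enroll() external {
        studentScore[msg.sender] = STARTING_SCORE;
    }

    // A bad review lowers the score; a good review leaves it unchanged.
    // Teacher access control is omitted in this sketch.
    function giveReview(address student, bool good) external {
        if (!good && studentScore[student] >= REVIEW_PENALTY) {
            studentScore[student] -= REVIEW_PENALTY;
        }
    }

    function canGraduate(address student) external view returns (bool) {
        return sessionActive && studentScore[student] >= cutOffScore;
    }
}
```

With these bounds, a call such as startSession(10) or startSession(101) reverts with CutOffOutOfRange instead of silently breaking graduation for the whole session.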