Submission Details
Impact:
Likelihood:
The pop method only removes the last element, which may not correspond to the intended address.
Summary The pop method only removes the last element, which mostly not going to correspond to the intended address.
Vulnerability Details
for (uint256 n = 0; n < teacherLength; n++) {
if (listOfTeachers[n] == _teacher) {
listOfTeachers[n] = listOfTeachers[teacherLength - 1];
listOfTeachers.pop();
break;
}
}
Impact The correct address may be removed while the wrong one stay, leading to incorrect state management.
Tools Used manual review
Recommendations when adding teacher and entrolling student, use a mpping to record an address's index in the list. then when removing, use the index to quickly pick out the one that ought to be deleted. below is a recommand fix of removeTeacher()
uint256 index = teacherIndex[_teacher];
uint256 lastIndex = listOfTeachers.length - 1;
// use the last teacher to overwrite the teacher that should be removed
if (index != lastIndex) {
address lastTeacher = listOfTeachers[lastIndex];
listOfTeachers[index] = lastTeacher;
teacherIndex[lastTeacher] = index;
}
// Remove the last teacher, which has duplicate
listOfTeachers.pop();
delete teacherIndex[_teacher];
isTeacher[_teacher] = false;
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.