Submission Details
Severity:
LevelOne::graduateAndUpgrade function lacks the session over check
Summary
LevelOne::graduateAndUpgrade function lacks the session over check.Principal can call graduateAndUpgrade before the session end,conflicting with the readme.md:At the end of the school session (4 weeks), the system is upgraded to a new one.
Vulnerability Details
The session can be graduateAndUpgrade any time instead of 4 weeks.
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
@> //@audit this function should be called only when the session is over
// notYetInSession is needed
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
uint256 totalTeachers = listOfTeachers.length;
//@audit the share is not right
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}
Tools Used
foundry
Recommendations
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
//session should has been started
+ if (inSession == false) {
+ revert();
+ }
//check the time 4 weeks
+ if (sessionEnd >= block.timestamp){
+ revert();
+ }
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
uint256 totalTeachers = listOfTeachers.length;
//@audit the share is not right
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}
Updates
Lead Judging Commences
yeahchibyke 19 days ago
Submission Judgement Published Assigned finding tags:
can graduate without session end
`graduateAndUpgrade()` can be called successfully even when the school session has not ended
yeahchibyke 19 days ago
Submission Judgement Published Assigned finding tags:
can graduate without session end
`graduateAndUpgrade()` can be called successfully even when the school session has not ended
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.