Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Bursary Drain Due to Payment Miscalculation

eagerpanda582

Summary:

The contract is designed such that, at the end of each school session, only 40% of the collected school fees should be paid out—5% to the principal and 35% shared among all teachers. The remaining 60% should remain in the bursary for future use. However, the current implementation mistakenly pays the entire 35% share to each teacher, rather than distributing it collectively across all teachers. This results in overpayment and leads to rapid exhaustion of the bursary fund.

Vulnerability Details:

Expected Behavior (as per documentation):

Principal: Receives 5% of the bursary.
Teachers: Collectively receive 35% of the bursary (shared equally).
Bursary: 60% should remain after payouts.

Current Buggy Behavior in Code:

uint256 teacherShare = (bursary * 35) / 100;

for (uint i = 0; i < listOfTeachers.length; i++) {

usdc.transfer(listOfTeachers[i], teacherShare); // 🔴 Bug: Full 35% given to each teacher

}

This implementation erroneously pays each teacher 35% of the bursary, leading to:

Overpayment: If there are 3 teachers, 105% of the bursary is paid.
Bursary Depletion: Contract funds are exhausted prematurely.
Injustice: Early teachers get unfairly high wages, breaking the reward structure.

Impact:

Critical financial flaw: Bursary will be drained rapidly, leaving no funds for future sessions.

Systemic failure: Future session upgrades or withdrawals may fail due to insufficient funds.

Unequal compensation: Teachers in earlier sessions get disproportionately higher rewards.

Tools Used :

Mannual Review

Recommendations:

Fix the payout logic to divide the 35% teacher share equally among all teachers:

uint256 totalTeacherShare = (bursary * 35) / 100;

uint256 perTeacherShare = totalTeacherShare / listOfTeachers.length;

for (uint256 i = 0; i < listOfTeachers.length; i++) {

usdc.transfer(listOfTeachers[i], perTeacherShare);

}

Additional Suggestions:

Add unit tests to confirm:

Principal receives exactly 5%.

Teachers collectively receive 35%.

60% of the bursary remains after distribution.

Updates

Lead Judging Commences

yeahchibyke Lead Judge 20 days ago

Submission Judgement Published

Validated

Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.

yeahchibyke Lead Judge 20 days ago

Submission Judgement Published

Validated

Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.