Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Pre-Upgrade Payment Risk

avalance

Summary

A critical vulnerability was identified in the graduateAndUpgrade function where USDC payments are processed after contract upgrades, risking incorrect fund distribution due to stale bursary values.

Vulnerability Details

Location:
graduateAndUpgrade(address _levelTwo, bytes memory) function

Technical Description:
The function currently performs:

  1. Contract upgrade (_authorizeUpgrade)

  2. USDC payments to teachers/principal

This order creates two risks:

  1. Stale bursary Value: Payments use pre-upgrade bursary amount even if upgrade modifies it

  2. Upgrade Failure: If upgrade reverts, payments may never execute despite meeting requirements

Attack Vectors:

  • Malicious upgrade could front-run payment logic

  • Upgrade could accidentally modify bursary before payments complete

Impact

Potential Consequences:

  • Financial losses from incorrect payment amounts

  • Fund locking if upgrade reduces bursary before payments

  • Protocol insolvency if payments use inflated old values

  • Loss of stakeholder trust

Worst Case Scenario:
An attacker could propose an upgrade that:

  1. Reduces bursary by 90% during upgrade

  2. Lets payments execute at old 100% rate

  3. Steals the 90% difference

Tools Used

Recommendations

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

failed upgrade

The system doesn't implement UUPS properly.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.