Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Failure to call LevelTwo::graduate in LevelOne::graduateAndUpgrade disrupts function design

Summary

LevelOne::graduateAndUpgrade is intended to graduate students and perform other important actions, but the function ignores its second parameter. It upgrades to the LevelTwo contract implementation without immediately calling LevelTwo::graduate, the call that was meant to be passed in as encoded bytes.

Vulnerability Details

The second parameter of this function is never used. The function does not call LevelTwo::graduate even when that call is passed in as encoded bytes.

    // The unnamed bytes parameter on the marked line is never read in the body.
@>  function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
        if (_levelTwo == address(0)) {
            revert HH__ZeroAddress();
        }
        uint256 totalTeachers = listOfTeachers.length;
        uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
        uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
        _authorizeUpgrade(_levelTwo);
        // Pay each teacher, then the principal, from the bursary.
        for (uint256 n = 0; n < totalTeachers; n++) {
            usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
        }
        usdc.safeTransfer(principal, principalPay);
    }

Impact

When the principal calls LevelOne::graduateAndUpgrade at the end of a school session, after all conditions have been met, no student is graduated.

Tools Used

Manual Review

Recommendations

The LevelOne contract inherits the UUPS upgradeable contract. Consider calling UUPSUpgradeable::upgradeToAndCall, which upgrades and then executes the function call encoded in bytes memory data. Also consider giving the bytes memory parameter a name, e.g. bytes memory data.
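
The recommendation above as an added example; it is not code from the submission or from the Hawk High repository. It assumes OpenZeppelin Contracts Upgradeable v5, and SchoolBase, LevelOneSketch, LevelTwoSketch, the two extra error names and the graduate() signature are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the Hawk High code. Assumes OpenZeppelin Contracts
// Upgradeable v5, where upgradeToAndCall(address, bytes) is public.
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

abstract contract SchoolBase is Initializable, UUPSUpgradeable {
    error HH__ZeroAddress();
    error HH__NotPrincipal();      // hypothetical name
    error HH__EmptyGraduateCall(); // hypothetical name

    // Declared in the shared base so both levels keep the same storage layout.
    address public principal;

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert HH__NotPrincipal();
        _;
    }

    // Access-control hook that upgradeToAndCall runs before switching implementation.
    function _authorizeUpgrade(address) internal override onlyPrincipal {}
}

contract LevelOneSketch is SchoolBase {
    function initialize(address _principal) public initializer {
        principal = _principal;
    }

    // The bytes parameter is named and forwarded instead of being dropped.
    // Wage transfers are unchanged from the original and left out here.
    function graduateAndUpgrade(address _levelTwo, bytes memory data) public onlyPrincipal {
        if (_levelTwo == address(0)) revert HH__ZeroAddress();
        // Empty data would upgrade without graduating, which is the reported bug.
        if (data.length == 0) revert HH__EmptyGraduateCall();
        // Authorizes, writes the ERC-1967 implementation slot, then delegatecalls
        // `data` into the new implementation; a failed call reverts the upgrade.
        upgradeToAndCall(_levelTwo, data);
    }
}

contract LevelTwoSketch is SchoolBase {
    bool public graduated;

    // Assumed signature: the page names LevelTwo::graduate but does not show it.
    function graduate() public reinitializer(2) {
        graduated = true;
    }
}
```

Under these assumptions the principal calls graduateAndUpgrade on the proxy with the LevelTwoSketch implementation address and abi.encodeCall(LevelTwoSketch.graduate, ()) as data, so the upgrade and the graduate call succeed or revert together.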

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

failed upgrade

The system doesn't implement UUPS properly.
