Hawk High

First Flight #39
Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

[H-1] Incorrect calculation of teacher wages in `graduateAndUpgrade()` leads to overpayment when there are multiple teachers

Summary

The graduateAndUpgrade() function incorrectly calculates teacher wages by assigning 35% of the total bursary to each teacher rather than evenly splitting 35% among all teachers. This results in a significant overpayment when multiple teachers exist, draining more than the intended 35% allocation.

Vulnerability Details

uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;

This calculation assigns 35% of the entire bursary to each teacher. If there are N teachers, the total payout to teachers becomes:

N * (35% of bursary) = bursary * 0.35 * N

This violates the intended constraint: teachers should collectively receive 35% of the bursary.
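
An added example, not part of the original submission or the Hawk High code base: a self-contained Solidity model of the wage arithmetic only, comparing the reported calculation with the recommended one against the 35% cap. The contract name, the function names and the constant values (`TEACHER_WAGE = 35`, `PRECISION = 100`) are assumptions; the finding states the 35% figure but not the constants.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: models the teacher wage arithmetic only (no transfers).
contract TeacherPayModel {
    // Assumed values; the finding states 35% but not the constants themselves.
    uint256 public constant TEACHER_WAGE = 35;
    uint256 public constant PRECISION = 100;

    /// The cap named in the finding: 35% of the bursary for all teachers together.
    function teacherCap(uint256 bursary) public pure returns (uint256) {
        return (bursary * TEACHER_WAGE) / PRECISION;
    }

    /// Reported calculation: each teacher is paid the whole 35% share.
    function totalPaidReported(uint256 bursary, uint256 teachers) public pure returns (uint256) {
        uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
        return payPerTeacher * teachers;
    }

    /// Recommended calculation: the 35% share is split evenly. Integer division
    /// rounds down, so `undistributed` is what stays behind in the contract.
    function totalPaidRecommended(uint256 bursary, uint256 teachers)
        public
        pure
        returns (uint256 total, uint256 undistributed)
    {
        uint256 totalTeacherShare = teacherCap(bursary);
        uint256 payPerTeacher = teachers > 0 ? totalTeacherShare / teachers : 0;
        total = payPerTeacher * teachers;
        undistributed = totalTeacherShare - total;
    }

    /// Constructed sample: a bursary of 10,000 USDC (6 decimals) and 3 teachers.
    /// Returns whether each calculation stays within the 35% cap.
    function sample() external pure returns (bool reportedWithinCap, bool recommendedWithinCap) {
        uint256 bursary = 10_000 * 1e6;
        uint256 cap = teacherCap(bursary);
        (uint256 recommended,) = totalPaidRecommended(bursary, 3);
        reportedWithinCap = totalPaidReported(bursary, 3) <= cap;
        recommendedWithinCap = recommended <= cap;
    }
}
```

With more than one teacher, `totalPaidReported` exceeds `teacherCap`, while `totalPaidRecommended` never does.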

Impact

  • Causes overpayment to teachers

Tools Used

Manual Review

Recommendations

Update the teacher payment calculation to divide the allocated 35% evenly among all teachers:

function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
uint256 totalTeachers = listOfTeachers.length;
+ uint256 totalTeacherShare = (bursary * TEACHER_WAGE) / PRECISION;
+ uint256 payPerTeacher = totalTeachers > 0 ? totalTeacherShare / totalTeachers : 0;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}
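
Review bot: on the added `payPerTeacher` line, `totalTeacherShare / totalTeachers` rounds down, so up to `totalTeachers - 1` base units of the 35% share are never transferred; say in a comment where that remainder is meant to stay, or add it to one of the payments. The snippet also shows only `+` lines: the original `uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;` should appear as a `-` line, otherwise `payPerTeacher` ends up declared twice. The `totalTeachers > 0` check is needed only for the division, since the loop already does nothing when there are no teachers.
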
Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
