Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Overpayment to Teachers Due to Incorrect Pay Distribution


Summary

The graduateAndUpgrade() function pays 35% of the total bursary (accumulated student fees) to each teacher individually, instead of dividing that 35% among all teachers. The teachers collectively receive far more than their intended share, which overpays them and can drain the entire bursary balance.

Vulnerability Details


If there are 3 teachers:

  • Expected: Each teacher should receive ~11.67% of the bursary (35% / 3).

  • Actual: Each teacher receives 35%, totaling 105%.

// Vulnerable logic: the full 35% share is computed once ...
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
// ... and then transferred to every teacher, so the loop pays 35% * totalTeachers in total.
for (uint256 n = 0; n < totalTeachers; n++) {
    usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}

Impact

  • Bursary overspending.

  • Failed USDC transfers (if the balance is insufficient).

  • Principal receiving less than 5% or nothing at all.

  • Systemic accounting error and potential exploit vector.

Tools Used


Manual Review

Recommendations

Refactor the payment logic to:


// Compute the teachers' collective 35% share once ...
uint256 teacherTotalPay = (bursary * TEACHER_WAGE) / PRECISION;
// ... and split it evenly across all teachers (integer division; any remainder stays in the bursary).
// totalTeachers must be non-zero here, otherwise the division reverts.
uint256 payPerTeacher = teacherTotalPay / totalTeachers;
for (uint256 n = 0; n < totalTeachers; n++) {
    usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
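A runnable model of both payout paths, added here as an illustration and not taken from the Hawk High contracts: it reproduces the flawed loop and the recommended split with the same integer arithmetic, then replays the transfers against the bursary balance to show where the vulnerable version runs out of funds. The constants (PRECISION = 100, TEACHER_WAGE = 35, PRINCIPAL_WAGE = 5), 6-decimal USDC, and the order "teachers first, then principal" are assumptions.

```python
# Added example, not code from the Hawk High repository: a model of the
# graduateAndUpgrade() payout arithmetic described in this finding.
# Assumptions: PRECISION = 100, TEACHER_WAGE = 35, PRINCIPAL_WAGE = 5, USDC has
# 6 decimals, and teachers are paid in a loop before the principal.
PRECISION = 100
TEACHER_WAGE = 35        # teachers' collective share of the bursary (35%)
PRINCIPAL_WAGE = 5       # principal's share of the bursary (5%)
USDC = 10 ** 6           # 1 USDC in base units


def vulnerable_payouts(bursary: int, n_teachers: int) -> list[int]:
    """Flawed logic from the report: every teacher gets the full 35% share.
    Returns the ordered transfer amounts (teachers first, then principal)."""
    pay_per_teacher = (bursary * TEACHER_WAGE) // PRECISION
    principal_pay = (bursary * PRINCIPAL_WAGE) // PRECISION
    return [pay_per_teacher] * n_teachers + [principal_pay]


def fixed_payouts(bursary: int, n_teachers: int) -> list[int]:
    """Recommended logic: the 35% share is divided among all teachers.
    Guards n_teachers == 0, which would otherwise be a division by zero."""
    if n_teachers == 0:
        raise ValueError("no teachers to pay")
    teacher_total = (bursary * TEACHER_WAGE) // PRECISION
    pay_per_teacher = teacher_total // n_teachers  # integer division; dust stays in the bursary
    principal_pay = (bursary * PRINCIPAL_WAGE) // PRECISION
    return [pay_per_teacher] * n_teachers + [principal_pay]


def run_transfers(bursary: int, amounts: list[int]) -> tuple[int, int]:
    """Model safeTransfer: stop at the first transfer the balance cannot cover.
    Returns (remaining balance, index of the failing transfer, or -1 if none fails)."""
    balance = bursary
    for i, amount in enumerate(amounts):
        if amount > balance:
            return balance, i  # the real call would revert the whole transaction
        balance -= amount
    return balance, -1


if __name__ == "__main__":
    bursary = 1_000 * USDC  # constructed sample: 1,000 USDC of student fees, 3 teachers
    for label, fn in (("vulnerable", vulnerable_payouts), ("fixed", fixed_payouts)):
        amounts = fn(bursary, 3)
        balance, failed = run_transfers(bursary, amounts)
        print(f"{label}: requested {sum(amounts) / USDC} USDC, "
              f"failing transfer index {failed}, remaining {balance / USDC} USDC")
```

With three teachers the vulnerable path requests 1,100 USDC out of a 1,000 USDC bursary and the third teacher's transfer fails, so the principal is never paid; the fixed path requests about 400 USDC and completes.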
Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
