Summary

There is a bad payPerTeacher calculation, graduateAndUpgrade() will revert if more than 2 teachers.

Vulnerability Details

https://github.com/CodeHawks-Contests/2025-05-hawk-high/blob/main/src/LevelOne.sol#L302-L303

graduateAndUpgrade() will revert if there is more than 2 teachers. Because the formula for the calculation of
the payPerTeacher is wrong.
It doesn't take in consideration the number of teachers.
With the actual bad formula, if we have 3 or more teachers, then there will be no more USDC in the contract to actually do all
the USDC transfers to the teachers.

The first teacher will get 35% of the bursary => 65% left of USDC.

The second teacher will get 35% => 30% left of USDC.

And the contract will try to send 35% of USDC to the third teacher but there
will not be enough USDC in the contract to do so.
The transaction will inevitably revert.

Here is the actual code for the calculation of payPerTeacher:

Using these parameters:

Impact

If more than 2 teachers, the function will revert and the contract won't be able to "graduate and upgrade".
The funds will also be stuck in the contract and pay won't be payed to either teachers nor the principal.

Tools Used

Github, Manual review.

Recommendations

The intended behavior was to give to ALL teachers, 35% of the bursary but not 35% to each teacher.
To do so, use this formula instead :

Or you could also choose to give to all teachers the remaining USDC after paying the principal.

To do this, change the calculation using the number of teachers : totalTeachers. And not a fixed percentage like 35% for each teacher.

First deduct the 5% of bursary for the principal.
Then instead of using a fixed percentage by teacher, divide the remaining USDC (remaining bursary) by the number of teachers.

Formulas :
totalTeachers = listOfTeachers.length;
remainingBursary = (bursary - bursary * PRINCIPAL_WAGE / PRECISION) and payPerTeacher = remainingBursary / totalTeachers.