Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Missing bursary update causes incorrect fund retention after upgrade

Description:

The graduateAndUpgrade function in the LevelOne contract fails to update the bursary value after making payments to teachers and the principal. According to the protocol's invariant, "remaining 60% should reflect in the bursary after upgrade," but the current implementation does not reduce the bursary amount after payments are made.

```solidity
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
    // ...
    uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
    _authorizeUpgrade(_levelTwo);
    for (uint256 n = 0; n < totalTeachers; n++) {
        usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
    }
    usdc.safeTransfer(principal, principalPay);
    // Missing: bursary update to reflect remaining 60%
}
```

Impact:

  • The bursary value remains unchanged after payments, violating the protocol's invariant

  • After upgrade to LevelTwo, the bursary value will be incorrectly high, showing 100% of funds instead of the expected 60%

  • This creates an accounting discrepancy between the actual token balance and the recorded bursary value

Recommended Mitigation:

Update the graduateAndUpgrade function to properly adjust the bursary.
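One way to apply this mitigation, written here as an added example rather than taken from the submission or the Hawk High code base: the payout is deducted from `bursary` before the transfers, so the stored value tracks the token balance. The constant values, the `IERC20Minimal` interface (standing in for `safeTransfer`), the constructor and the empty `_authorizeUpgrade` body are assumptions made so the contract compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: minimal token interface standing in for SafeERC20.safeTransfer.
interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract LevelOneBursaryFix {
    // Assumed values; the page does not state the constants.
    uint256 public constant TEACHER_WAGE = 35;
    uint256 public constant PRINCIPAL_WAGE = 5;
    uint256 public constant PRECISION = 100;

    IERC20Minimal public usdc;
    address public principal;
    address[] public listOfTeachers;
    uint256 public bursary;

    modifier onlyPrincipal() {
        require(msg.sender == principal, "not principal");
        _;
    }

    // Constructed setup so the example deploys on its own.
    constructor(IERC20Minimal _usdc, address[] memory _teachers, uint256 _bursary) {
        usdc = _usdc;
        principal = msg.sender;
        listOfTeachers = _teachers;
        bursary = _bursary;
    }

    // Assumption: empty stand-in for the upgrade authorization hook.
    function _authorizeUpgrade(address) internal view onlyPrincipal {}

    function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
        uint256 totalTeachers = listOfTeachers.length;
        uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
        uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
        _authorizeUpgrade(_levelTwo);
        // Fix: deduct the payout from bursary before any external transfer.
        bursary -= payPerTeacher * totalTeachers + principalPay;
        for (uint256 n = 0; n < totalTeachers; n++) {
            require(usdc.transfer(listOfTeachers[n], payPerTeacher), "transfer failed");
        }
        require(usdc.transfer(principal, principalPay), "transfer failed");
    }
}
```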

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

bursary not updated

The bursary is not updated after wages have been paid in `graduateAndUpgrade()` function
