[H-01] The principal has the ability to receive (35% + 5%) of the total fund allocation.
Summary
principalreceives 5% of thebursary.teachersreceive 35% of the bursary.
Due to two small vulnerabilities in the project, when combined, the principal can end up receiving 40% of the total fund allocation.
Vulnerability Details
Vulnerability 1:
In the
addTeacherfunction, due to a lack of strict restrictions, the principal can add themselves as a teacher.Specifically,
listOfTeachers[0] = Principal.
Vulnerability 2:
In the
graduateAndUpgradefunction, due to an error in the following code:uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;for (uint256 n = 0; n < totalTeachers; n++) {usdc.safeTransfer(listOfTeachers[n], payPerTeacher);}This results in the total teacher salary
payPerTeacherbeing transferred entirely tolistOfTeachers[0].
Conclusion:
So if listOfTeachers[0] = Principal, the principal will receive (35% + 5%) of the total fund allocation!
POC
Not written.
Recommendations
Fix for graduateAndUpgrade:
Fix for addTeacher:
Lead Judging Commences
principal can become teacher
Principal can add themselves as teacher and share in teacher pay upon graduation
Appeal created
incorrect teacher pay calculation
`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
principal can become teacher
Principal can add themselves as teacher and share in teacher pay upon graduation
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.