Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

[H-02] Due to Funds Being Stuck in the Contract During Teacher Fund Allocation, a DOS Attack Occurs, Preventing Other Valid Teachers from Receiving Their Due Funds

0x996

Summary

Due to the incorrect addition of a malicious teacher, funds get stuck in the contract during teacher fund allocation, causing a DOS attack. This results in other valid teachers not receiving their due funds.

Vulnerability Details

The principal may add a malicious teacher with a contract address that cannot receive fund allocations in the addTeacher function.
When using graduateAndUpgrade, because the malicious teacher cannot receive the funds, the funds get stuck in the contract, resulting in a DOS attack.

Impact

The DOS attack causes other valid teachers to be unable to receive their due funds!

POC

Not written.

Recommendations

Teacher accounts must have a receive or fallback function that can properly receive funds!

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

0x996 Submitter

6 months ago

yeahchibyke Lead Judge

6 months ago

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.