Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Role Conflict Vulnerability Vulnerability: Principal-Teacher Role Conflict

umarbinkhattab

Summary

The LevelOne contract for Hawk High School contains a critical design flaw that allows the principal to also be assigned as a teacher. This creates a conflict of interest in the governance structure and enables financial exploitation through dual compensation at the time of fund distribution.

Detailed Analysis

Technical Details

The vulnerability exists in the addTeacher() function of the LevelOne contract:

function addTeacher(address _teacher) public onlyPrincipal notYetInSession {

if (_teacher == address(0)) {

revert HH__ZeroAddress();

}

if (isTeacher[_teacher]) {

revert HH__TeacherExists();

}

if (isStudent[_teacher]) {

revert HH__NotAllowed();

}

listOfTeachers.push(_teacher);

isTeacher[_teacher] = true;

emit TeacherAdded(_teacher);

}

The function fails to check whether the address being added as a teacher is the same as the principal's address. While there are checks to prevent zero addresses, existing teachers, and students from being added as teachers, there is no check to prevent the principal from being added as a teacher.

Fund Distribution Analysis

During graduation and contract upgrade, the graduateAndUpgrade() function distributes funds as follows:

uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;

uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;

// Later in the function:

for (uint256 n = 0; n < totalTeachers; n++) {

usdc.safeTransfer(listOfTeachers[n], payPerTeacher);

}

usdc.safeTransfer(principal, principalPay);

With constants defined as:

uint256 public constant TEACHER_WAGE = 35; // 35%

uint256 public constant PRINCIPAL_WAGE = 5; // 5%

uint256 public constant PRECISION = 100;

If the principal is also a teacher, they would receive:

Principal payment: 5% of the bursary
Teacher payment: A portion of the 35% allocated to teachers (35% / number of teachers)

Exploitation Scenario

Consider a scenario with a bursary of 1000 USDC:

With 5 teachers (including the principal):
- Each teacher gets (1000 * 35/100) / 5 = 70 USDC
- Principal gets 1000 * 5/100 = 50 USDC
- Principal's total: 70 + 50 = 120 USDC (12% of bursary instead of intended 5%)
With just 2 teachers (principal and one other):
- Each teacher gets (1000 * 35/100) / 2 = 175 USDC
- Principal gets 1000 * 5/100 = 50 USDC
- Principal's total: 175 + 50 = 225 USDC (22.5% of bursary)

Business Logic Implications

The dual role creates several governance issues:

Incentive Misalignment: The principal is incentivized to minimize the number of teachers to maximize their teacher's share
Power Imbalance: As both administrator and educator, the principal can influence student reviews from multiple angles
Financial Inequity: The dual compensation unfairly distributes school resources

Code Fix Recommendation

Add a check to prevent the principal from being added as a teacher:

function addTeacher(address _teacher) public onlyPrincipal notYetInSession {

if (_teacher == address(0)) {

revert HH__ZeroAddress();

}

// Add this check to prevent principal from being teacher

if (_teacher == principal) {

revert HH__RoleConflict(); // New custom error

}

if (isTeacher[_teacher]) {

revert HH__TeacherExists();

}

if (isStudent[_teacher]) {

revert HH__NotAllowed();

}

listOfTeachers.push(_teacher);

isTeacher[_teacher] = true;

emit TeacherAdded(_teacher);

}

Alternative Mitigation

If the business logic specifically allows for a principal to also be a teacher, consider:

Implementing a separate wage calculation that prevents double-dipping
Creating transparency mechanisms to make this dual role visible
Adding governance controls that require approval from multiple parties for certain actions when roles are combined

Conclusion

The lack of a check preventing the principal from becoming a teacher represents a significant flaw in the contract's role separation design. It not only creates economic imbalances but also undermines the intended governance structure of the Hawk High School system. This issue should be addressed prior to deploying this contract to production.

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

principal can become teacher

Principal can add themselves as teacher and share in teacher pay upon graduation

Appeal created

mishoko Auditor

6 months ago

yeahchibyke Lead Judge

6 months ago

yeahchibyke Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

principal can become teacher

Principal can add themselves as teacher and share in teacher pay upon graduation

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.