Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Wrong amount of USDC is transferred to teachers: each teacher gets the full 35% of the bursary instead of 35% divided by the number of teachers in `graduateAndUpgrade`

Description: According to the documentation, teachers should share 35% of the bursary, but each teacher instead receives 35% of the bursary.
If more than 3 teachers are in the school, the USDC paid out will exceed the bursary amount.

Impact: This breaks the contract's logic, because the contract sends more USDC to teachers than intended, and the call may revert due to insufficient USDC balance if there are more than 3 teachers in the school.

Proof of Concept: add the following test and run it.

```solidity
function test_wrong_amount_usdc_given_to_teachers() public studentEnrolled {
    // The principal adds three teachers and starts the session.
    vm.startPrank(principal);
    levelOneProxy.addTeacher(teacher_1);
    levelOneProxy.addTeacher(teacher_2);
    levelOneProxy.addTeacher(teacher_3);
    levelOneProxy.startSession(cutOffScore);
    vm.stopPrank();

    // Each teacher is paid the full 35% share, so the transfers
    // exceed the USDC held by the contract and the call reverts.
    vm.startPrank(principal);
    LevelTwo levelTwo = new LevelTwo();
    vm.expectRevert(); // ERC20InsufficientBalance
    levelOneProxy.graduateAndUpgrade(address(levelTwo), abi.encodeWithSignature("graduate()"));
    vm.stopPrank();
}
```

Recommended Mitigation: divide `payPerTeacher` by the number of teachers in the school.

function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
...
- uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION
+ uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION / totalTeachers;
...
}
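
Review bot: on the `+` line, `totalTeachers` is used as a divisor with nothing in the visible lines guaranteeing it is non-zero; if the school has no teachers the division panics and the whole `graduateAndUpgrade` call reverts, so add a guard (for example, skip the teacher payout when `totalTeachers == 0`) or state that at least one teacher is required. The two chained divisions also truncate twice; `(bursary * TEACHER_WAGE) / (PRECISION * totalTeachers)` rounds only once, and with either form a small undistributed remainder can stay in the contract, which deserves a comment. The elided lines do not show where `totalTeachers` is declared, so confirm it is in scope and reflects the current teacher list at the point of use.
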
Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
