Hawk High

First Flight #39
Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

Transfer the `payPerTeacher` of all teachers just to the first teacher!

Summary

The `for` loop in the function `LevelOne::graduateAndUpgrade` does not transfer the `payPerTeacher` to all the teachers, just to the first teacher!

Vulnerability Details

1. The attacker enters as the first teacher.
2. The `payPerTeacher` of all teachers is transferred to that attacker.

Impact

The rest of the teachers don't get their pay.

Tools Used

Foundry

Recommendations

```diff
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
uint256 totalTeachers = listOfTeachers.length;
+ uint256 payallTeachers = (bursary * TEACHER_WAGE) / PRECISION;
+ uint256 payPerTeacher = payallTeachers / listOfTeachers.length ;
- uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}
```

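Review bot: the added `uint256 payPerTeacher = payallTeachers / listOfTeachers.length ;` line divides by the array length with no check for an empty `listOfTeachers`, so with zero teachers the whole call reverts on division by zero and neither `_authorizeUpgrade(_levelTwo)` nor the principal's transfer can complete. Guard the division (compute and pay the per-teacher amount only when `totalTeachers > 0`) and reuse the `totalTeachers` local declared on the line above instead of reading `listOfTeachers.length` a second time. Integer division also leaves a remainder of up to `totalTeachers - 1` token units undistributed, which deserves a comment saying where that remainder is meant to stay. Style: `payallTeachers` should follow the casing of its neighbours (`payAllTeachers`), and the removed line conventionally precedes the lines that replace it.
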
Updates

Lead Judging Commences

yeahchibyke Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
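
The payout arithmetic from the Recommendations diff above, modelled in Python as an added example (not the contest's contract and not the submitter's code). The wage constants, the 1000-unit bursary, the teacher labels, and the assumption that the contract's token balance equals `bursary` are illustrative; `Revert` stands in for a failed `safeTransfer` or a division-by-zero panic.

```python
# Added model of graduateAndUpgrade's payout arithmetic (not the contract itself).
# Constants are assumed for illustration; the page does not state their values.
TEACHER_WAGE = 35     # assumed: teachers' combined share of the bursary
PRINCIPAL_WAGE = 5    # assumed: principal's share
PRECISION = 100       # assumed


class Revert(Exception):
    """Stands in for a reverted safeTransfer or a division-by-zero panic."""


def graduate_payouts(bursary, teachers, patched):
    """Return (paid, balance_left); assumes the contract holds exactly `bursary`."""
    balance = bursary
    teacher_share = bursary * TEACHER_WAGE // PRECISION
    if patched:
        if not teachers:
            raise Revert("division by zero: listOfTeachers is empty")
        pay_per_teacher = teacher_share // len(teachers)  # '+' lines of the diff
    else:
        pay_per_teacher = teacher_share                   # '-' line of the diff
    principal_pay = bursary * PRINCIPAL_WAGE // PRECISION

    paid = {}
    for recipient, amount in [(t, pay_per_teacher) for t in teachers] + [
        ("principal", principal_pay)
    ]:
        if amount > balance:
            raise Revert(f"transfer to {recipient} exceeds balance {balance}")
        balance -= amount
        paid[recipient] = paid.get(recipient, 0) + amount
    return paid, balance


def teachers_total(paid):
    """Sum of everything paid to teachers (all recipients except the principal)."""
    return sum(v for k, v in paid.items() if k != "principal")


if __name__ == "__main__":
    # Constructed sample: 1000 token units, hypothetical teacher labels.
    for n in (1, 2, 3):
        names = [f"teacher{i}" for i in range(n)]
        for patched in (False, True):
            try:
                print(n, patched, graduate_payouts(1000, names, patched))
            except Revert as exc:
                print(n, patched, "revert:", exc)
```

Under these assumptions the unpatched formula pays every teacher the full combined share, so the total paid to teachers grows with the number of teachers until a transfer can no longer be covered; the patched formula keeps the teachers' total at or just under the combined share.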
