Summary
In the LevelOne::graduateAndUpgrade function, the teachers' share of the bursary is not divided among the teachers; instead the full 35% share is paid to each teacher.
Vulnerability Details
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
    if (_levelTwo == address(0)) {
        revert HH__ZeroAddress();
    }
    uint256 totalTeachers = listOfTeachers.length;
@>  uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
    _authorizeUpgrade(_levelTwo);
    for (uint256 n = 0; n < totalTeachers; n++) {
        usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
    }
    usdc.safeTransfer(principal, principalPay);
}
Impact
Each teacher is paid the whole teacher share instead of a fraction of it, so the function mishandles the bursary funds and does not distribute them as intended, leading to loss of trust in the protocol.
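The payout arithmetic described above, as an added example that is not part of the original report or of the audited contract: a Python model of the loop with Solidity-style integer division, run once as the vulnerable code computes it and once with the share divided by the number of teachers. The constants are assumptions: the report states a 35% teacher share; the 5% principal share and the base of 100 are constructed values for illustration.

```python
# Added example (not the project's code): a plain-integer model of the payout
# arithmetic in LevelOne::graduateAndUpgrade, before and after the recommended fix.
# Constants are assumptions: the report states a 35% teacher share; the 5%
# principal share and the base of 100 are constructed values for illustration.
TEACHER_WAGE = 35
PRINCIPAL_WAGE = 5
PRECISION = 100


class TransferReverted(Exception):
    """Stands in for the revert an ERC-20 safeTransfer produces when the
    contract no longer holds enough USDC to pay the requested amount."""


class NoTeachers(Exception):
    """Stands in for the HH_NoTeachers revert of the recommended fix."""


def distribute(bursary, teachers, fixed):
    """Replay the payout loop with Solidity-style integer division.

    fixed=False reproduces the vulnerable code: every teacher is paid the
    whole teacher share. fixed=True applies the recommendation: the share is
    split by len(teachers) after rejecting an empty list.
    Returns (payouts dict, USDC left in the contract after the loop).
    """
    teacher_share = (bursary * TEACHER_WAGE) // PRECISION
    if fixed:
        if not teachers:
            raise NoTeachers()
        pay_per_teacher = teacher_share // len(teachers)
    else:
        pay_per_teacher = teacher_share
    principal_pay = (bursary * PRINCIPAL_WAGE) // PRECISION

    balance = bursary
    payouts = {}
    # Same order as the contract: all teachers first, then the principal.
    transfers = [(t, pay_per_teacher) for t in teachers] + [("principal", principal_pay)]
    for who, amount in transfers:
        if amount > balance:
            raise TransferReverted(f"paying {who}: need {amount}, have {balance}")
        balance -= amount
        payouts[who] = amount
    return payouts, balance


def teachers_total(payouts):
    """Total paid to teachers, i.e. everything except the principal's line."""
    return sum(v for k, v in payouts.items() if k != "principal")


if __name__ == "__main__":
    bursary = 1_000_000  # constructed: one unit of a 6-decimal token
    for n in (1, 2, 3):
        teachers = [f"teacher{i}" for i in range(1, n + 1)]
        for fixed in (False, True):
            try:
                paid, left = distribute(bursary, teachers, fixed)
                print(f"n={n} fixed={fixed}: teachers got {teachers_total(paid)}, "
                      f"principal got {paid['principal']}, left {left}")
            except TransferReverted as e:
                print(f"n={n} fixed={fixed}: reverted while {e}")
```

With one teacher both versions agree, which is why a single-teacher test would not catch the bug. With two teachers the vulnerable loop pays 70% of the bursary to teachers; with three the third safeTransfer fails because the contract can no longer cover it, so the whole upgrade reverts. The fixed division also shows the remainder of the integer division (here 2 units for three teachers) staying in the contract.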
Tools Used
Manual code review
Recommendations
The teachers' share of the bursary should be divided by listOfTeachers.length, and there should be a check that reverts if the list is empty:
+ error HH_NoTeachers();
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
uint256 totalTeachers = listOfTeachers.length;
- uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
+ uint256 totalPayTeachers = (bursary * TEACHER_WAGE) / PRECISION;
+ if (totalTeachers == 0) {
+ revert HH_NoTeachers();
+ }
+ uint256 payPerTeacher = totalPayTeachers / totalTeachers;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}
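Review bot: `uint256 payPerTeacher = totalPayTeachers / totalTeachers;` truncates, so `totalPayTeachers % totalTeachers` units of the teacher share stay in the contract after the loop; either document that this dust is intentional or state where it is meant to end up. Separately, the new error `HH_NoTeachers` uses a single underscore while the existing `HH__ZeroAddress` uses two; naming it `HH__NoTeachers` keeps the error names consistent.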