Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Incorrect Calculation of Pay Per Teacher in graduateAndUpgrade

Summary

The function graduateAndUpgrade miscalculates how much each teacher should receive from the bursary. Instead of distributing 35% of the bursary across all teachers, it incorrectly gives each teacher the full 35% share. This results in massive overpayment and could cause the contract to transfer more than it holds.

Impact

As written, graduateAndUpgrade can:

  • Overdraw the contract’s USDC balance

  • Fail with a transfer revert due to insufficient funds

  • Lead to financial loss if exploited before failure

Proof Of Concept

Let’s say:

  • Bursary = 1000e18

  • TEACHER_WAGE = 35 (representing 35%)

  • Number of teachers = 5

According to the current code:

uint256 payPerTeacher = (1000e18 * 35) / 100; // 350e18

So each teacher will get 350e18, and the five payments total

5 × 350e18 = 1750e18

This exceeds the 1000e18 bursary by 750e18.

Tools Used

  • Manual code review

Solution

Distribute the 35% share evenly across all teachers:

uint256 teacherShare = (bursary * TEACHER_WAGE) / PRECISION;
uint256 payPerTeacher = teacherShare / totalTeachers;

With this correction:

  • teacherShare = 350e18

  • payPerTeacher = 70e18

  • total payout = 5 × 70e18 = 350e18

Recommendations

Replace this:

uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;

With this:

uint256 teacherShare = (bursary * TEACHER_WAGE) / PRECISION;
uint256 payPerTeacher = teacherShare / totalTeachers;
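
The reported and corrected calculations side by side, as an added Solidity sketch that is not the contest's code. Constant names follow the finding and PRECISION = 100 is assumed from the Proof Of Concept arithmetic; the contract name, the helper functions, the zero-teacher guard and the dust accounting are additions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not the contest's contract. Constant names follow the
/// finding; PRECISION = 100 is an assumption taken from its arithmetic.
contract TeacherPayModel {
    uint256 public constant TEACHER_WAGE = 35;
    uint256 public constant PRECISION = 100; // assumed

    /// The 35% pool that all teachers together are entitled to.
    function teacherShare(uint256 bursary) public pure returns (uint256) {
        return (bursary * TEACHER_WAGE) / PRECISION;
    }

    /// Reported behaviour: each teacher receives the whole pool.
    function totalPaidBuggy(uint256 bursary, uint256 totalTeachers) public pure returns (uint256) {
        uint256 payPerTeacher = teacherShare(bursary);
        return payPerTeacher * totalTeachers;
    }

    /// Amount by which the buggy payout exceeds the bursary (0 if it fits).
    function shortfallBuggy(uint256 bursary, uint256 totalTeachers) external pure returns (uint256) {
        uint256 total = totalPaidBuggy(bursary, totalTeachers);
        return total > bursary ? total - bursary : 0;
    }

    /// Corrected split. `dust` is the remainder integer division leaves in
    /// the contract; with no teachers the whole pool stays put instead of
    /// hitting a division-by-zero panic.
    function payFixed(uint256 bursary, uint256 totalTeachers)
        public pure returns (uint256 payPerTeacher, uint256 dust)
    {
        uint256 share = teacherShare(bursary);
        if (totalTeachers == 0) return (0, share);
        payPerTeacher = share / totalTeachers;
        dust = share - payPerTeacher * totalTeachers;
    }

    /// Invariant a unit or fuzz test should assert after the fix:
    /// teachers never receive more than their 35% pool.
    function fixedWithinPool(uint256 bursary, uint256 totalTeachers) external pure returns (bool) {
        (uint256 pay, ) = payFixed(bursary, totalTeachers);
        return pay * totalTeachers <= teacherShare(bursary);
    }
}
```
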

Updates

Lead Judging Commences

yeahchibyke Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

cut-off criteria not applied

All students are graduated when the graduation function is called as the cut-off criteria is not applied.
