Misaccounted bursary Balance After graduateAndUpgrade() Function Execution
Summary
The graduateAndUpgrade function is intended to allocate 35% of the bursary to teachers, 5% to the principal and retain the remaining 60% in the bursary for future use. However while the USDC transfers of teachers and principal are executed, the bursary variable is not updated to reflect these payouts.
Impact
The
bursaryretains its full value even after 40% has been disbursed.Any logic relying on
bursarywill operate on an inflated and inaccurate balance.This could lead to double-spending or misallocation of already disbursed funds.
Proof Of Concept
Assume:
On calling graduateAndUpgrade():
Teachers receive
350e18in total.Principal receives
50e18.
Expected outcome:
Actual outcome:
This leaves 400e18 unaccounted for, which could be inadvertently reused.
Tools Used
Manual code review
Solution
Subtract the 40% of the distributed wages from the bursary
This way:
bursary is updated to reflect the actual remaining balance (60%) after the payout
All future logic using bursary will be based on actual amount
Recommendations
Add the following code to graduateAndUpgrade function
Lead Judging Commences
bursary not updated
The bursary is not updated after wages have been paid in `graduateAndUpgrade()` function
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.