Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

H-01. Incorrect pay per Teacher calculation in graduateAndUpgrade

Summary

The function `graduateAndUpgrade` does not correctly compute the pay for each teacher.

As a result:

  • The function will revert if there are more teachers than the contract can pay under the wrong calculation

  • Teachers will not receive the correct amount if the function does not revert

Vulnerability Details

The amount for each teacher is computed as follows:

uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;

But this calculation does not take the number of teachers into account.

POC

Update the test as follows to add more teachers:

function _teachersAdded() internal {
    vm.startPrank(principal);
    levelOneProxy.addTeacher(alice);
    levelOneProxy.addTeacher(bob);
    levelOneProxy.addTeacher(address(0x5));
    levelOneProxy.addTeacher(address(0x6));
    vm.stopPrank();
}

Impact

High, since this impacts the funds distributed.

Tools Used

Manual analysis + Foundry + ChatGPT (for the recommendation)

Recommendations

Include the number of teachers in the calculation; here is a simplistic example:

uint256 payPerTeacher = (bursary * TEACHER_WAGE) / (PRECISION * numberOfTeachers);
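
The difference between the two formulas, as an added example that is not part of the submission or the Hawk High code base: a stand-alone model contract (all names hypothetical) that pays `n` teachers from a balance equal to the bursary and reverts the way a token transfer would when funds run out. The wage and precision are parameters because the page does not state their values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only. Contract and function names are hypothetical.
contract TeacherPayModel {
    /// Formula quoted in the finding: every teacher gets the whole teacher share.
    function payPerTeacherUnsplit(uint256 bursary, uint256 wage, uint256 precision)
        public pure returns (uint256)
    {
        return (bursary * wage) / precision;
    }

    /// Formula from the recommendation: the teacher share is divided by the head count.
    function payPerTeacherSplit(uint256 bursary, uint256 wage, uint256 precision, uint256 n)
        public pure returns (uint256)
    {
        require(n > 0, "no teachers"); // avoid division by zero
        return (bursary * wage) / (precision * n);
    }

    /// Simulates the payout loop over `n` teachers, starting from a balance of `bursary`.
    /// Returns the total paid and the balance left; reverts when a payment cannot be covered.
    function simulate(uint256 bursary, uint256 wage, uint256 precision, uint256 n, bool splitPerTeacher)
        external pure returns (uint256 paid, uint256 left)
    {
        uint256 each = splitPerTeacher
            ? payPerTeacherSplit(bursary, wage, precision, n)
            : payPerTeacherUnsplit(bursary, wage, precision);

        left = bursary;
        for (uint256 i = 0; i < n; i++) {
            // Stand-in for the token transfer failing on insufficient balance.
            require(left >= each, "insufficient balance");
            left -= each;
            paid += each;
        }
    }
}
```

With constructed inputs such as `bursary = 10000`, `wage = 35` and `precision = 100`, the unsplit formula reverts on the third teacher because 3 × 35% exceeds the whole bursary, while the split formula never pays out more than the teacher share and leaves any integer-division remainder in `left`.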

Updates

Lead Judging Commences

yeahchibyke Lead Judge 16 days ago
Submission Judgement Published
Validated
Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
