Hawk High

Summary

In the graduateAndUpgrade function, the payPerTeacher value is calculated based on a percentage of the bursary amount. However, the code does not divide this amount by the number of teachers, causing each teacher to receive the full percentage (e.g., 35%) of the total bursary—leading to multiple overpayments and likely a complete drain of bursary funds.

Vulnerability Details

Problematic Code:

Example Scenario:

• bursary = 1000 USDC

• TEACHER_WAGE = 35

• PRECISION = 100

• payPerTeacher = (1000 * 35) / 100 = 350 USDC

• If there are 3 teachers, each receives 350 USDC.

• Total payout to teachers = 3 × 350 = 1050 USDC, which is more than the total bursary!

• This leads to a drain on contract funds and violates the intended wage percentage.

Impact

• Financial Loss: The contract can pay out more than the available bursary.

• Misaligned Wage Distribution: Teachers may be overcompensated.

• Contract Inconsistency: Principal and other stakeholders receive incorrect payouts.

• Potential Reverts: The contract may revert on transfers if the balance is insufficient due to earlier overpayments.

Tools Used

• Manual code review

• Knowledge of ERC-20 logic and Solidity arithmetic

• Business logic analysis

Recommendations

Correct the logic to fairly divide the teacher's wage portion among all teachers:

Additional Recommendations:

• Add checks for totalTeachers > 0 to avoid divide-by-zero errors.

• Consider emitting an event showing how much each teacher is paid for transparency.

• Ensure any remaining balance (dust) is handled appropriately.