Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

The bursary is not updated after the system is upgraded leading to inappropriate distribution of funds in a new session

w1nst0nity

Description: After wages are paid out from the total funds available in LevelOne::bursary (35% to teachers and 5% to the Principal), no funds are actually deducted from the bursary balance.

Impact: When a new session begins, the bursary from the previous session is not overwritten or updated. As a result, students pay new fees into the same existing balance. Eventually, at the end of the new session, the Principal and teachers receive more than they are supposed to, since the bursary has accumulated across multiple sessions without proper resets.

Proof of Concept:

The Principal calls `LevelOne::graduateAndUpgrade.
Wages are payed to the teachers and principal.
The amount paid is not subtracted from the bursary.
Students pay school fees for the new session.
Previous bursary gets updated with previous balance.
At the end of the session wages are disbursed to teachers and principal.
The wages that the teachers and principal will receive will be greater than intended.

function testBursaryIsNotUpdated() public schoolInSession {

levelTwoImplementation = new LevelTwo();

levelTwoImplementationAddress = address(levelTwoImplementation);

bytes memory data = abi.encodeCall(LevelTwo.graduate, ());

uint256 bursaryAmountBeforeGraduation = levelOneProxy.bursary();

vm.prank(principal);

levelOneProxy.graduateAndUpgrade(levelTwoImplementationAddress, data);

LevelTwo levelTwoProxy = LevelTwo(proxyAddress);

uint256 expectedBursaryAmountAfterGraduation = (bursaryAmountBeforeGraduation * 60) / 100;

uint256 actualBursaryAmountAfterGraduation = levelTwoProxy.bursary();

console2.log(expectedBursaryAmountAfterGraduation);

console2.log(actualBursaryAmountAfterGraduation);

console2.log(bursaryAmountBeforeGraduation);

assert(expectedBursaryAmountAfterGraduation != actualBursaryAmountAfterGraduation);

assert(bursaryAmountBeforeGraduation == actualBursaryAmountAfterGraduation);

}

Recommended Mitigation: Subtract the total of the funds sent to the principal and the teacher(that is 40% of the bursary) from the bursary before paying out the wages.

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago

Submission Judgement Published

Validated

Assigned finding tags:

bursary not updated

The bursary is not updated after wages have been paid in `graduateAndUpgrade()` function

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.