Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Unhandled 60% of `bursary` Funds

Vulnerability Details

In the current implementation of the `graduateAndUpgrade` function, only 40% of the bursary is distributed:

  • 5% is sent to the principal.

  • 35% is allocated to teachers (divided among them).

The remaining 60% of the bursary is left unaccounted for and permanently locked in the contract with no mechanism to withdraw, reallocate, or utilize it. Over time, this can lead to a significant accumulation of inaccessible funds, reducing the efficiency and usability of the contract.

Proof Of Concept

evelOne.sol#L302C8-L303C71

```solidity
uint256 principalAmount = (bursary * 5) / PRECISION;
uint256 teacherAmount = (bursary * 35) / PRECISION;
// 60% of the bursary remains in the contract with no way to withdraw or use it
```

Recommendation

Implement a clear handling strategy for the remaining 60%.
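One possible handling strategy, as an added example that is not the Hawk High code: the undistributed remainder (the 60% plus any rounding dust) is computed explicitly and moved to a designated address, so nothing is left unaccounted for. The contract name, the `reserve` address, the `distribute` function, the event, a `PRECISION` of 100 and a token whose `transfer` returns `bool` are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the Hawk High contract. Every name other than
// `bursary` and `PRECISION` is hypothetical.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract BursarySplitExample {
    uint256 public constant PRECISION = 100; // assumption: shares are percentages

    IERC20 public immutable token;
    address public immutable principal;
    address public immutable reserve; // assumed destination for the remainder
    address[] public teachers;

    event BursaryDistributed(uint256 principalPaid, uint256 teachersPaid, uint256 reservePaid);

    constructor(IERC20 token_, address principal_, address reserve_, address[] memory teachers_) {
        require(principal_ != address(0) && reserve_ != address(0), "zero address");
        require(teachers_.length > 0, "no teachers");
        token = token_;
        principal = principal_;
        reserve = reserve_;
        teachers = teachers_;
    }

    function distribute() external {
        require(msg.sender == principal, "not principal");
        uint256 bursary = token.balanceOf(address(this));
        uint256 principalAmount = (bursary * 5) / PRECISION;
        uint256 perTeacher = ((bursary * 35) / PRECISION) / teachers.length;
        uint256 teachersPaid = perTeacher * teachers.length;

        // Whatever is not paid out (the 60% plus rounding dust) is moved
        // explicitly, so the token balance after this call is zero.
        uint256 remainder = bursary - principalAmount - teachersPaid;

        require(token.transfer(principal, principalAmount), "principal transfer failed");
        for (uint256 i = 0; i < teachers.length; i++) {
            require(token.transfer(teachers[i], perTeacher), "teacher transfer failed");
        }
        require(token.transfer(reserve, remainder), "reserve transfer failed");
        emit BursaryDistributed(principalAmount, teachersPaid, remainder);
    }
}
```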

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

stuck funds in system

Funds are stuck in `LevelOne()` contract after upgrade.

Appeal created

nem0thefinder Submitter
3 months ago
yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

stuck funds in system

Funds are stuck in `LevelOne()` contract after upgrade.
