The addTeacher() function allows the principal to add any address as a teacher, including their own address. This creates a potential for abuse, where the principal can register themselves as a teacher and receive undeserved salary payouts or benefits associated with teachers.
In the addTeacher() function, the only access control is the onlyPrincipal modifier, which restricts usage to the principal. However, the function does not prevent the principal from adding their own address as a teacher:
According to the defined payment structure, the principal is entitled to 5% of the bursary, while 35% is shared among all teachers. By adding themselves as a teacher, the principal could illegitimately claim a double share—5% as the principal and an additional portion of the 35% meant for teachers. This manipulation increases the principal's payout beyond the intended design, violating the economic invariants of the contract and potentially reducing the fair share allocated to legitimate teaching staff.
Unfair Salary Distribution: The principal could claim multiple salaries by assigning themselves dual roles (as both administrator and teacher).
Undermining Role Separation: The integrity of the teacher assignment logic is compromised, especially in systems where teacher roles come with entitlements or the right to review scores.
Manual Code Review
Add a validation check to prevent the principal from adding themselves as a teacher:
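A minimal sketch of such a check, added here as an example and not the audited contract's own code; the contract name, error names, storage layout and the `payoutOf` helper are assumptions, and only the 5% / 35% split comes from the description above:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited contract: names, errors and storage are assumed.
contract SchoolRolesSketch {
    address public immutable principal;
    mapping(address => bool) public isTeacher;
    address[] private teachers;

    uint256 public constant PRINCIPAL_BPS = 500;  // 5% of the bursary
    uint256 public constant TEACHERS_BPS = 3500;  // 35% shared by all teachers
    uint256 private constant BPS = 10_000;

    error NotPrincipal();
    error ZeroAddress();
    error TeacherExists();
    error PrincipalCannotBeTeacher();

    event TeacherAdded(address indexed teacher);

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert NotPrincipal();
        _;
    }

    constructor(address _principal) {
        if (_principal == address(0)) revert ZeroAddress();
        principal = _principal;
    }

    function addTeacher(address _teacher) external onlyPrincipal {
        if (_teacher == address(0)) revert ZeroAddress();
        // The added check: the principal may not also hold the teacher role.
        if (_teacher == principal) revert PrincipalCannotBeTeacher();
        if (isTeacher[_teacher]) revert TeacherExists();
        isTeacher[_teacher] = true;
        teachers.push(_teacher);
        emit TeacherAdded(_teacher);
    }

    // Total payout `account` would receive from `bursary` under the 5% / 35% split.
    // With the check above, no account can collect from both branches.
    function payoutOf(address account, uint256 bursary) external view returns (uint256 amount) {
        if (account == principal) amount = (bursary * PRINCIPAL_BPS) / BPS;
        if (isTeacher[account] && teachers.length > 0) {
            amount += (bursary * TEACHERS_BPS) / BPS / teachers.length;
        }
    }
}
```

The check enforces role separation only for the principal's own address; it cannot establish who controls any other address that is registered as a teacher.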
Principal can add themselves as teacher and share in teacher pay upon graduation