The removeTeacher() function allows the principal to remove a teacher during an active session. This flexibility introduces ambiguity around salary distribution and creates potential for disputes or manipulative behavior after work has already been performed.
The removeTeacher() function lacks any restrictions on when it can be called. Specifically, there is no guard against execution during an ongoing session, which means the principal can remove a teacher after they have already contributed but before salary distribution is calculated.
According to the contract's economic invariant, 35% of the bursary is shared among teachers. If a teacher is removed during or near the end of a session, there may be a disagreement over whether they are entitled to a share of the 35%, especially if the contribution has already occurred. This opens the door for:
Principal abuse: removing teachers to manipulate fund allocation.
This undermines transparency, fair compensation, and potentially breaks assumptions in off-chain payroll systems.
Unfair salary distribution: Teachers who contributed during the session may be excluded from the payout.
Principal abuse potential: The principal can unilaterally alter salary outcomes by removing teachers arbitrarily.
Trust and governance risks: Affected teachers or stakeholders may dispute the fairness of the system.
Manual code review
Add a modifier (e.g., notYetInSession) to prevent teacher removal during an active session:
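One way to express this guard, as an added Solidity sketch rather than the audited contract's own code. Only removeTeacher and notYetInSession come from the finding; the inSession flag, the other names, and the even split of the 35% are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: every name except removeTeacher and
// notYetInSession is an assumption, not taken from the audited code.
contract SessionGuardSketch {
    address public immutable principal;
    bool public inSession;                      // assumed session flag
    mapping(address => bool) public isTeacher;  // assumed teacher registry
    uint256 public teacherCount;

    error NotPrincipal();
    error SessionActive();
    error UnknownTeacher();

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert NotPrincipal();
        _;
    }
    // Freezes the roster from session start until payout.
    modifier notYetInSession() {
        if (inSession) revert SessionActive();
        _;
    }

    constructor() { principal = msg.sender; }

    function addTeacher(address t) external onlyPrincipal notYetInSession {
        require(t != address(0) && !isTeacher[t], "bad teacher");
        isTeacher[t] = true;
        teacherCount++;
    }
    function startSession() external onlyPrincipal notYetInSession {
        inSession = true;
    }
    // Guarded: reverts with SessionActive once the session has started,
    // so nobody who worked the session can be dropped before payout.
    function removeTeacher(address t) external onlyPrincipal notYetInSession {
        if (!isTeacher[t]) revert UnknownTeacher();
        isTeacher[t] = false;
        teacherCount--;
    }
    // Assumed even split of the 35% teacher pool; the divisor is the
    // roster fixed at session start because removal is blocked meanwhile.
    function perTeacherShare(uint256 bursary) external view returns (uint256) {
        if (teacherCount == 0) return 0;
        return (bursary * 35) / 100 / teacherCount;
    }
}
```

The roster reopens only when whatever function pays out the session clears the session flag, so removal takes effect for the next session rather than the current one.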