Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Bursary amount not updated after distribution, leading to incorrect future fund calculations

harisuthan5534798

Description

In the graduateAndUpgrade function, the bursary amount is not updated or reset after the funds are distributed to the teachers and principal. As a result, the bursary still holds the old value, which is no longer available in the contract.

Proof of code

You can see in the code that the bursary value is not updated after the distribution

function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
uint256 totalTeachers = listOfTeachers.length;
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}

Impact

1) Any future calculation that depends on the bursary value will be incorrect, since the value is outdated.

2) This can lead to transaction failures due to insufficient balance or logic errors

Tools Used

1) Vs code

2) Manual review

Recommendations

Update the bursary value.

bursary -= payPerTeacher + principalPay;
Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

bursary not updated

The bursary is not updated after wages have been paid in `graduateAndUpgrade()` function

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

bursary not updated

The bursary is not updated after wages have been paid in `graduateAndUpgrade()` function

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.