Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Unfair Payout Logic in the graduateAndUpgrade() Function

Summary

There is an unfair payout logic in the graduateAndUpgrade function: the payout share computed for each teacher is a fixed percentage of the whole bursary, so the combined payout to the teachers can exceed the total amount of the bursary itself.

Vulnerability Details

In the graduateAndUpgrade function the payment share is calculated per teacher from the full bursary, so the sum over all teachers may exceed the total bursary held by the contract. The flawed line is:

```solidity
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
```

Following this line, assume the total bursary is 1000 USDC and there are 3 teachers to be paid. Each teacher's share is then:

1000 * 35 = 35000; 35000 / 100 = 350. Paying 3 teachers gives 350 * 3 = 1050, which exceeds the total bursary of 1000.

Impact

This flaw can pay the teachers an amount they are not supposed to receive, and it can drain the entire balance of the contract to the teachers who are paid first, leaving nothing for the remaining payees.

Tools Used

Manual Testing

Recommendations

Replace that line with the following, so that TEACHER_WAGE is treated as the combined share for all teachers and each teacher receives an equal portion of it:

```solidity
uint256 totalTeacherWages = (bursary * TEACHER_WAGE) / PRECISION;
uint256 payPerTeacher = totalTeacherWages / totalTeachers;
```

Updates
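To make the arithmetic of the finding and the fix concrete, here is an added Python model of both formulas. It is not the Hawk High contract code; it assumes TEACHER_WAGE = 35 and PRECISION = 100 (inferred from the 1000 → 350 arithmetic above, the real constants may differ), mimics uint256 floor division, and runs a sequential transfer loop that stops once the remaining balance can no longer cover a payment.

```python
# Added example, not the Hawk High contract: models the teacher payout
# arithmetic from graduateAndUpgrade() with uint256-style floor division.
# TEACHER_WAGE and PRECISION are ASSUMED from the finding's 1000 -> 350 example.
TEACHER_WAGE = 35
PRECISION = 100
UINT256_MAX = 2**256 - 1


def _u256(x: int) -> int:
    """Mimic Solidity 0.8 checked arithmetic: out-of-range values revert."""
    if not 0 <= x <= UINT256_MAX:
        raise OverflowError("uint256 overflow/underflow would revert")
    return x


def vulnerable_pay_per_teacher(bursary: int) -> int:
    """Original logic: every teacher is paid 35% of the WHOLE bursary."""
    return _u256(bursary * TEACHER_WAGE) // PRECISION


def fixed_pay_per_teacher(bursary: int, total_teachers: int) -> int:
    """Recommended logic: 35% of the bursary is a pool shared equally."""
    if total_teachers == 0:
        raise ZeroDivisionError("division by zero reverts in Solidity")
    total_teacher_wages = _u256(bursary * TEACHER_WAGE) // PRECISION
    return total_teacher_wages // total_teachers


def min_teachers_to_overpay() -> int:
    """Smallest teacher count for which the vulnerable formula exceeds the bursary.

    n teachers receive n * 35% of the bursary, so overpayment starts when
    n * TEACHER_WAGE > PRECISION.
    """
    n = 1
    while n * TEACHER_WAGE <= PRECISION:
        n += 1
    return n


def distribute(bursary: int, total_teachers: int, pay_per_teacher: int) -> dict:
    """Simulate paying teachers one by one from the contract balance.

    Returns how many teachers were paid in full, the first index whose
    transfer would fail for lack of funds (or None), and the leftover balance.
    """
    balance = bursary
    paid = 0
    failed_at = None
    for i in range(total_teachers):
        if balance < pay_per_teacher:
            failed_at = i  # token transfer would revert here
            break
        balance -= pay_per_teacher
        paid += 1
    return {"paid": paid, "failed_at": failed_at, "remaining": balance}


def compare(bursary: int, total_teachers: int) -> dict:
    """Side-by-side totals for the vulnerable and fixed formulas."""
    v = vulnerable_pay_per_teacher(bursary)
    f = fixed_pay_per_teacher(bursary, total_teachers)
    pool = _u256(bursary * TEACHER_WAGE) // PRECISION
    return {
        "vulnerable_per_teacher": v,
        "vulnerable_total": v * total_teachers,
        "vulnerable_overpays": v * total_teachers > bursary,
        "fixed_per_teacher": f,
        "fixed_total": f * total_teachers,
        "fixed_overpays": f * total_teachers > bursary,
        # Integer division leaves a few units of the pool unpaid; this is
        # the rounding dust the fix leaves in the contract, never an overpay.
        "fixed_rounding_dust": pool - f * total_teachers,
    }


def fixed_never_overpays(max_bursary: int = 2000, max_teachers: int = 20) -> bool:
    """Exhaustively check small ranges: the fixed total never exceeds the 35% pool."""
    for bursary in range(max_bursary + 1):
        pool = bursary * TEACHER_WAGE // PRECISION
        for n in range(1, max_teachers + 1):
            if fixed_pay_per_teacher(bursary, n) * n > pool:
                return False
    return True


if __name__ == "__main__":
    # The finding's own scenario: 1000 USDC (constructed sample) and 3 teachers.
    print(compare(1000, 3))
    print(distribute(1000, 3, vulnerable_pay_per_teacher(1000)))
```

With the finding's numbers, the vulnerable formula pays 350 per teacher (1050 in total), so the third transfer fails after the first two teachers have taken 700 of the 1000 USDC; the fixed formula pays 116 per teacher (348 in total), leaving 2 units of rounding dust from the 350 pool in the contract.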

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.

