Hawk High

First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Submission Details
Severity: high
Valid

Vulnerable Wage Distribution

Summary

The way the wage distribution is currently structured limits how many teachers can be paid.
For example if there are more than 2 teachers:

[0] Teacher -> 35% ✅

[1] Teacher -> 70% ✅

[2] Teacher -> 105% ❌

Vulnerability Details

The issue is that TEACHER_WAGE is treated as 35% per teacher out of bursary, but should be considered as 35% of bursary for all teachers.

Impact

If the distribution is "fixed percentages per-teacher", only 2 teachers can be paid.

Tranasaction reverts due to insufficient balance

The rest of the teachers can not be paid.

One of the main functionalities of the contract, paying teachers, is not working properly.

Tools Used

Manual Code Review

Recommendations

Divide a fixed total wage among all teachers.

TEACHER_WAGE becomes the total budget for teachers.

uint256 totalTeachers = listOfTeachers.length;
uint256 totalTeacherBudget = (bursary * TEACHER_WAGE) / PRECISION;
uint256 payPerTeacher = totalTeacherBudget / totalTeachers;


Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.