The graduateAndUpgrade
function attempts to distribute teacher payments by dividing teachersShare
by totalTeachers
. However, if listOfTeachers
is empty, this results in a division-by-zero error that reverts the entire transaction, halting upgrades and locking funds indefinitely.
If listOfTeachers.length == 0
, this code becomes dangerous:
This reverts the transaction entirely, preventing:
Payment to the principal
Upgrade to LevelTwo
Graduation of students
Bursary adjustment
listOfTeachers = []
(no teachers).
Principal calls graduateAndUpgrade()
.
totalTeachers = 0 → Division by zero
.
Entire upgrade fails and bursary remains locked.
No way to proceed without a contract upgrade or new teacher registration.
Denial of Service: Contract is rendered unusable for upgrades when no teachers are present.
Fund Locking: USDC in bursary
cannot be transferred or upgraded.
Protocol Freeze: Prevents all graduating actions for an entire session.
Manual review
Add a check for totalTeachers > 0
before computing payPerTeacher
:
Edge Case Handling: Skips teacher payment logic when none exist.
State Safety: Ensures bursary
is still reduced, complying with financial invariants.
Smooth Upgrades: Avoids transaction reverts that would block core functionality.
Protocol Continuity: Keeps upgrades running even in rare or testing scenarios with no teachers.
Invariant Integrity: 60% bursary is correctly maintained post-payment logic.
Robustness: Handles all input conditions gracefully without locking user funds.
Add a require(totalTeachers > 0)
early in the session lifecycle (if teachers must always be present).
Emit TeacherPaymentSkipped
event for auditability and transparency.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.