Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Loss of School owned funds

Summary

Because the pay distribution to teachers is wrong, one of three things happens: only one teacher gets paid and the others do not, or the teachers can take the entire amount from the bursary, or graduateAndUpgrade cannot be executed at all.

Vulnerability details

Invariant: the teachers' share is 35% of the bursary.

This 35% is for the teachers as a group, that is, for all the teachers who have joined the school. Now look at LevelOne::graduateAndUpgrade and its calculation of the pay for each teacher:

uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;

Here the whole 35% that is meant for all the teachers is paid to one teacher. The payment to the second teacher then comes out of the school-owned funds, and if the contract does not hold enough funds, the call will not execute either.

Impact - High

Likelihood - High
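
The three outcomes listed in the summary can be reproduced with a small Python model of the payout arithmetic. This is an added example, not code from the submission or from the Hawk High contracts; the values of PRECISION (100) and PRINCIPAL_WAGE (5), a starting USDC balance equal to the bursary, and all helper names are assumptions.

```python
# Added model of the payout arithmetic in LevelOne::graduateAndUpgrade.
# Integer floor division (//) mirrors Solidity's uint256 division.
TEACHER_WAGE = 35    # teachers' share in percent, as stated in the report
PRECISION = 100      # assumed value of the contract's PRECISION constant
PRINCIPAL_WAGE = 5   # assumed value; the report does not state it


class Revert(Exception):
    """Stands in for an on-chain revert (short balance or division by zero)."""


def pay_per_teacher(bursary, teachers, fixed):
    if not fixed:
        # Original line: every teacher is paid the whole teachers' share.
        return bursary * TEACHER_WAGE // PRECISION
    if teachers == 0:
        raise Revert("division by zero")  # the divided form panics with no teachers
    return bursary * TEACHER_WAGE // (PRECISION * teachers)


def _transfer(balance, amount):
    if amount > balance:
        raise Revert("transfer amount exceeds balance")
    return balance - amount


def graduate(bursary, teachers, fixed):
    """Return (pay per teacher, funds left in the contract) or raise Revert.

    Assumes the contract's USDC balance equals `bursary` before the call.
    """
    balance = bursary
    per_teacher = pay_per_teacher(bursary, teachers, fixed)
    principal_pay = bursary * PRINCIPAL_WAGE // PRECISION
    for _ in range(teachers):
        balance = _transfer(balance, per_teacher)
    balance = _transfer(balance, principal_pay)
    return per_teacher, balance


def reverts(bursary, teachers, fixed):
    try:
        graduate(bursary, teachers, fixed)
    except Revert:
        return True
    return False
```

With a constructed bursary of 10,000 units and two teachers, the original formula leaves 2,500 in the contract where the divided formula leaves 6,000; a third teacher makes the original formula revert.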

Recommendations

function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
uint256 totalTeachers = listOfTeachers.length;
- uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
+ uint256 payPerTeacher = (bursary * TEACHER_WAGE) / (PRECISION * totalTeachers.length);
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}
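
Review bot: On the added payPerTeacher line, totalTeachers is already the uint256 assigned from listOfTeachers.length on the line above, so totalTeachers.length will not compile; the divisor should be PRECISION * totalTeachers. The division also reverts when listOfTeachers is empty, which blocks the upgrade and the principal's payout, so either require at least one teacher or skip the teacher payout when totalTeachers is zero. Integer division will leave a small rounding remainder of the teachers' share in the contract, which is worth a comment.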
Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
