Hawk High

First Flight #39
Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

Incorrect mathematical calculation in function `graduateAndUpgrade`.

Summary

In function `graduateAndUpgrade` we calculate `payPerTeacher` and `principalPay`, but the calculation is incorrect. `bursary` is the total fund of the contract. If we multiply `bursary` by `TEACHER_WAGE` or `PRINCIPAL_WAGE`, we will get a huge amount, which will be greater than the whole bursary fund. Paying this much in wages can lead to loss of funds.

Vulnerability Details

In function `graduateAndUpgrade` we calculate `payPerTeacher` and `principalPay`, but the calculation is incorrect. `bursary` is the total fund of the contract. If we multiply `bursary` by `TEACHER_WAGE` or `PRINCIPAL_WAGE`, we will get a huge amount, which will be greater than the whole bursary fund. Paying this much in wages can lead to loss of funds.

https://github.com/CodeHawks-Contests/2025-05-hawk-high/blob/3a7251910c31739505a8699c7a0fc1b7de2c30b5/src/LevelOne.sol#L302


https://github.com/CodeHawks-Contests/2025-05-hawk-high/blob/3a7251910c31739505a8699c7a0fc1b7de2c30b5/src/LevelOne.sol#L303


```solidity
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
```

```solidity
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
    if (_levelTwo == address(0)) {
        revert HH__ZeroAddress();
    }
    uint256 totalTeachers = listOfTeachers.length; // we don't check for the cutoff score; if any student didn't achieve it, the upgrade should not happen & if anybody has given <5 reviews
    uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
    uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION; // q incorrect mathematical calculation
    _authorizeUpgrade(_levelTwo); // q cannot upgrade if session is not ended
    for (uint256 n = 0; n < totalTeachers; n++) {
        usdc.safeTransfer(listOfTeachers[n], payPerTeacher); // q if one teacher gets blacklisted, no one will get the reward
    }
    usdc.safeTransfer(principal, principalPay);
}
```

Impact

Transferring this much to the teacher or principal can lead to loss of funds.

Tools Used

Manual Review

Recommendations

Correct the formula.
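
The arithmetic in the two quoted lines, modelled as a stand-alone contract (an added example, not part of the submission or of the Hawk High code base). The constant values, the contract name `WageMathModel`, its function names and the even-split correction are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not Hawk High code. The three constant values are
/// assumptions; the page shows only their names.
contract WageMathModel {
    uint256 public constant TEACHER_WAGE = 35;  // assumed: parts of PRECISION
    uint256 public constant PRINCIPAL_WAGE = 5; // assumed: parts of PRECISION
    uint256 public constant PRECISION = 100;    // assumed

    /// Sum of every transfer graduateAndUpgrade attempts with the quoted
    /// formula: each teacher receives the full TEACHER_WAGE share.
    function totalPaidAsWritten(uint256 bursary, uint256 totalTeachers)
        public pure returns (uint256)
    {
        uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
        uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
        return payPerTeacher * totalTeachers + principalPay;
    }

    /// True when the attempted transfers add up to more than the bursary.
    function exceedsBursary(uint256 bursary, uint256 totalTeachers)
        external pure returns (bool)
    {
        return totalPaidAsWritten(bursary, totalTeachers) > bursary;
    }

    /// Hypothetical correction: treat TEACHER_WAGE as the teachers' combined
    /// share and split it evenly. Integer division rounds down, so the total
    /// cannot exceed bursary while TEACHER_WAGE + PRINCIPAL_WAGE <= PRECISION.
    function totalPaidIfShared(uint256 bursary, uint256 totalTeachers)
        external pure returns (uint256)
    {
        uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
        if (totalTeachers == 0) {
            return principalPay; // nobody to split the teacher share between
        }
        uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION / totalTeachers;
        return payPerTeacher * totalTeachers + principalPay;
    }
}
```

With the assumed constants, the as-written total first exceeds the bursary at three teachers (3 × 35 + 5 = 110 parts of 100, rounding aside), at which point the transfers can no longer all be covered by the bursary.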

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

shubu2581 Submitter 3 months ago
yeahchibyke Lead Judge 3 months ago
yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
