Hawk High

First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Submission Details
Impact: medium
Likelihood: medium
Invalid

Dos in function `graduateAndUpgrade`

Summary

In function graduateAndUpgrade in for loop when we are transfering usdc to the teachers , if one teacher cant recive the amount due to some reason , then it will prevent all other teacher from getting amount. Creating the condition for permanent dos .

Vulnerability Details

In function graduateAndUpgrade in for loop when we are transfering usdc to the teachers , if one teacher cant recive the amount due to some reason , then it will prevent all other teacher from getting amount. Creating the condition for permanent dos .

https://github.com/CodeHawks-Contests/2025-05-hawk-high/blob/3a7251910c31739505a8699c7a0fc1b7de2c30b5/src/LevelOne.sol#L307


for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
if (_levelTwo == address(0)) {
revert HH__ZeroAddress();
}
uint256 totalTeachers = listOfTeachers.length;
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
_authorizeUpgrade(_levelTwo);
for (uint256 n = 0; n < totalTeachers; n++) {
usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
usdc.safeTransfer(principal, principalPay);
}

Impact

This will prevent other teacher from getting the payment .

Tools Used

Manual review

Recommendations

Whitelist the teacher list, see if they can recive the amount or not .

Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.