violation of financial invariants and storage layout incompatibility due to an increase in teacher's wage in leveltwo contract
Summary
The LevelOne contract enforces an invariant where teachers receive exactly 35% of the bursary. In LevelTwo, this percentage has been increased to 40%:
Vulnerability Details
Violation of Financial Invariants
Description: The original contract likely includes logic that depends on the 35% allocation to teachers. Changing this percentage can disrupt calculations related to fund distribution.
Impact: Overpayment to teachers may occur, leading to insufficient funds for other stakeholders or operations. This can cause financial imbalances.
Storage Layout Incompatibility
Description: In Solidity, the order and type of state variables determine their storage slots. Introducing a new constant or changing existing ones can lead to storage collisions if not managed correctly.
Impact: Storage collisions can corrupt data, leading to unpredictable behavior or security vulnerabilities. For instance, if the new constant overwrites an existing variable's storage slot, it can alter the contract's logic unexpectedly.
Impact
Security Vulnerabilities: Storage collisions and inconsistent logic can open avenues for attacks, leading to potential loss of funds or control over the contract.
Financial Discrepancies: The unexpected increase in teacher wages can lead to budget shortfalls for other operations or stakeholders.
Tools Used
Manual code review
Recommendations
Maintain Consistent Invariants: Ensure that critical financial parameters, like the teachers' wage percentage, remain consistent across contract versions unless a change is agreed upon by all stakeholders.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.