Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

No Mechanism to Handle Bursary, these funds remains idle within the contract

mentemdeus

Summary

The LevelTwo contract defines a bursary variable. However, there is no function or logic to handle the remaining 60% of the bursary.

Vulnerability Details

Without a mechanism to manage the remaining 60% of the bursary, these funds remain idle within the contract.
Without explicit functions to handle the remaining bursary funds, it's unclear how these funds are to be used or who has authority over them.

Impact: This lack of transparency can lead to governance issues and potential misuse of funds.

Impact

bursary funds that reflects on level two contract, get's stuck because there is no mechanism to withdraw or control, funds automatically remains idle withn the contract

Tools Used

Manual code review

Recommendations

  1. Implement Withdrawal Mechanisms: Introduce functions that allow authorized parties to withdraw or allocate the remaining bursary funds appropriately.

2.Establish Access Controls: Use access control mechanisms to restrict who can allocate or withdraw bursary funds.

function withdrawRemainingBursary(address recipient, uint256 amount) external onlyAuthorized {
require(amount <= bursary * 60 / 100, "Exceeds remaining bursary");
usdc.safeTransfer(recipient, amount);
}
Updates

Lead Judging Commences

yeahchibyke Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

stuck funds in system

Funds are stuck in `LevelOne()` contract after upgrade.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.