Hawk High
First Flight #39
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: medium
Likelihood: medium
Invalid

Unfair Teacher Payment System in Session Removal

igorwarkocz

Summary

The removeTeacher function in LevelOne.sol allows removing teachers during an active session without compensating them for their work, creating an unfair payment system.

Vulnerability Details

function removeTeacher(address _teacher) public onlyPrincipal {
if (_teacher == address(0)) {
revert HH__ZeroAddress();
}
if (!isTeacher[_teacher]) {
revert HH__TeacherDoesNotExist();
}
uint256 teacherLength = listOfTeachers.length;
for (uint256 n = 0; n < teacherLength; n++) {
if (listOfTeachers[n] == _teacher) {
listOfTeachers[n] = listOfTeachers[teacherLength - 1];
listOfTeachers.pop();
break;
}
}
isTeacher[_teacher] = false;
emit TeacherRemoved(_teacher);
}

  • Teachers can be removed at any time during an active session

  • No pro-rated payment calculation for partial session work

  • Teachers lose all compensation for work done if removed before session end

  • Example: Teacher removed one day before session end loses payment for previous 6 days

Impact

Medium: This vulnerability leads to:

  • Potential loss of earned wages

  • Unfair treatment of teachers

  • Negative impact on teacher trust and retention

Tools Used

Manual code review

Recommendations

For example implement pro-rated payment calculation based on time worked or add a function to calculate and distribute partial payments upon removal.

Updates

Lead Judging Commences

yeahchibyke Lead Judge 23 days ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.