Hawk High

First Flight #39
Severity: high
Valid

Missing Bursary Transfer in Contract Upgrade

Summary

The graduateAndUpgrade function in LevelOne.sol fails to transfer 60% of the bursary to the new contract during the upgrade process, potentially leaving funds stranded in the old contract.

Vulnerability Details

    function graduateAndUpgrade(address _levelTwo, bytes memory) public onlyPrincipal {
        if (_levelTwo == address(0)) {
            revert HH__ZeroAddress();
        }
        uint256 totalTeachers = listOfTeachers.length;
        uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
        uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
        _authorizeUpgrade(_levelTwo);
        for (uint256 n = 0; n < totalTeachers; n++) {
            usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
        }
        // No transfer of bursary funds to the new contract
        usdc.safeTransfer(principal, principalPay);
    }

60% of the bursary should be transferred to the LevelTwo contract, but the funds remain in the old contract after the upgrade.
There is no proper fund management during the upgrade process.

Impact

High: This vulnerability:

  • Could lead to funds being locked in the old contract

  • May cause financial issues for the new contract

  • Could affect teacher and principal payments

  • Makes the upgrade process incomplete

Tools Used

Manual code review

Recommendations

Add bursary transfer logic to graduateAndUpgrade:

    uint256 transferAmount = (bursary * 60) / 100;
    usdc.safeTransfer(_levelTwo, transferAmount);
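
The stranded balance and the effect of the recommended transfer, replayed in an added Python ledger model (not the project's code or test suite). The wage constants, the single-teacher scenario, the account labels and the bursary amount are assumptions, chosen so that the payouts leave the 60% share described above.

```python
"""Ledger model of graduateAndUpgrade (added example, not project code)."""

# Assumed constants: chosen so one teacher plus the principal receive 40%,
# leaving the 60% share the finding says should move to LevelTwo.
TEACHER_WAGE = 35
PRINCIPAL_WAGE = 5
PRECISION = 100


class Token:
    """Minimal stand-in for the USDC ERC-20 balance mapping."""

    def __init__(self):
        self.balances = {}

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount

    def safe_transfer(self, sender, to, amount):
        # Like safeTransfer, an underfunded transfer reverts (raises here).
        if self.balances.get(sender, 0) < amount:
            raise RuntimeError("transfer amount exceeds balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def graduate_and_upgrade(usdc, bursary, teachers, forward_bursary):
    """Replays the payout order from the finding; returns final balances."""
    pay_per_teacher = bursary * TEACHER_WAGE // PRECISION
    principal_pay = bursary * PRINCIPAL_WAGE // PRECISION
    for teacher in teachers:
        usdc.safe_transfer("LevelOne", teacher, pay_per_teacher)
    if forward_bursary:
        # Recommended fix: move the 60% share to the new contract.
        usdc.safe_transfer("LevelOne", "LevelTwo", bursary * 60 // 100)
    usdc.safe_transfer("LevelOne", "principal", principal_pay)
    return usdc.balances


def run(forward_bursary, bursary=10_000 * 10**6):
    """Constructed scenario: one teacher, 10,000 USDC (6 decimals)."""
    usdc = Token()
    usdc.mint("LevelOne", bursary)
    return graduate_and_upgrade(usdc, bursary, ["teacher1"], forward_bursary)
```

run(False) leaves the whole 60% share on the "LevelOne" balance; run(True) ends with that balance at zero and the share held by "LevelTwo".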

Updates

Lead Judging Commences

yeahchibyke Lead Judge 30 days ago
Submission Judgement Published
Validated
Assigned finding tags:

stuck funds in system

Funds are stuck in `LevelOne()` contract after upgrade.
