Bursary Accounting Error Leading to Incorrect Fund Tracking In `LevelOne::graduateAndUpgrade`.
Summary
The graduateAndUpgrade function calculates wage payments based on the current bursary value but fails to update the bursary state variable after distributing funds. This results in an inconsistent internal state where the tracked bursary does not reflect the actual remaining balance (60%), violating protocol accounting rules.
Vulnerability Details
Affected Component:
graduateAndUpgrade Function:
Code Flaw: The function transfers 40% of the
bursary(35% to teachers, 5% to the principal) but does not reduce thebursaryby the paid-out amount.Protocol Violation: The documentation specifies that 60% of the
bursaryshould remain post-upgrade, but the internal state incorrectly retains 100% of the original value.
Example:
Initial
bursary = 1000 USDC.graduateAndUpgradepays out400 USDC(40%) but leavesbursary = 1000 USDC(should be600 USDC).
Impact
High State Inconsistency:
-
Incorrect Accounting: Subsequent interactions with the contract (e.g., future upgrades, fee calculations) will use an inflated
bursaryvalue, leading to:Miscalculations in wage distributions.
Protocol logic relying on inaccurate financial data.
Tools Used
Recommendations
Fix: Update bursary After Payments
Adjust the bursary state variable to reflect the remaining 60%:
Lead Judging Commences
bursary not updated
The bursary is not updated after wages have been paid in `graduateAndUpgrade()` function
bursary not updated
The bursary is not updated after wages have been paid in `graduateAndUpgrade()` function
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.