The graduateAndUpgrade
function incorrectly distributes 35% of the bursary to each teacher instead of splitting the total 35% among all teachers. This results in excessive payouts when multiple teachers exist, violating the protocol’s defined wage structure and depleting the bursary beyond intended limits.
graduateAndUpgrade
Function:
Code Flaw: The current logic calculates payPerTeacher
as (bursary * TEACHER_WAGE) / PRECISION
, which allocates 35% of the bursary to each teacher (e.g., 2 teachers receive 70% total).
Protocol Violation: The documentation mandates that all teachers collectively share 35% of the bursary, not each teacher individually.
Bursary: 1000 USDC
Teachers: 2
Current Code:
Each teacher receives 350 USDC (35% of 1000).
Total teacher payout: 700 USDC (70% of bursary).
Intended Behavior:
Total teacher payout: 350 USDC (35% of 1000).
Each teacher receives 175 USDC (350 / 2).
Critical Fund Misallocation:
Bursary Overdrain: Teacher payouts exceed the allocated 35%, reducing the remaining bursary below the documented 60%.
Systemic Accounting Failure: Subsequent protocol operations (e.g., upgrades, refunds) will use incorrect bursary balances.
Protocol Halting: If multiple teachers exist, the contract may revert due to insufficient funds during transfers.
Revise the wage calculation to distribute the total 35% equally:
`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.