Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: medium
Invalid

Denial-of-Service Risk in `graduateAndUpgrade` function of `LevelOne.sol`

Summary

The graduateAndUpgrade function has a potential DoS vulnerability caused by an unbounded loop that distributes USDC payments to teachers.
If the teacher list is too long, or if any single transfer fails, the function reverts, and both the payout and the upgrade are blocked.

Vulnerability Details

Root Cause

Unbounded loop in the graduateAndUpgrade() function leads to a potential DoS (Denial of Service):

for (uint256 n = 0; n < totalTeachers; n++) {
    usdc.safeTransfer(listOfTeachers[n], payPerTeacher); // DoS: one failing transfer reverts the whole loop
}

The graduateAndUpgrade() function loops through listOfTeachers with no upper limit on the array size, so gas usage grows with every teacher added.

Single Point of Failure

A single failed transfer, for example to a blacklisted address (teacher or principal), reverts the whole transaction.

Impact

  • Contract upgrade is blocked.

  • Permanent Denial of Service.

  • Teachers and the principal cannot receive their payments.

  • Principal is unable to execute critical upgrades.

Tools Used

Manual Review

Recommendations

Use OpenZeppelin's ReentrancyGuard:

function graduateAndUpgrade(...) public onlyPrincipal nonReentrant {
    ...
}

Make use of a pull payment system, so that each teacher withdraws their own payment instead of the contract pushing every payment in one loop:

// Amount owed to each teacher, credited by graduateAndUpgrade instead of transferred
mapping(address => uint256) public teacherBalances;

// Each teacher pulls their own payment; a failing transfer only affects that caller.
// Relies on `using SafeERC20 for IERC20;` being declared in the contract.
function withdrawTeacherPayment() external {
    uint256 amount = teacherBalances[msg.sender];
    require(amount > 0, "No funds available");
    teacherBalances[msg.sender] = 0; // zero the balance before the external call
    usdc.safeTransfer(msg.sender, amount);
}
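The pull payment recommendation carried through into a full contract, as an added example that is not part of the submission or of the Hawk High code base. The contract name, constructor, `principal` storage and the `payPerTeacher` parameter are assumptions; `usdc`, `listOfTeachers`, `onlyPrincipal`, `teacherBalances` and `withdrawTeacherPayment` are the names used on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical sketch of LevelOne's payout logic rewritten as pull payments.
/// Storage layout and constructor are assumptions for the example, not LevelOne.sol's own.
contract LevelOnePullPayment {
    using SafeERC20 for IERC20;

    IERC20 public immutable usdc;
    address public principal;
    address[] public listOfTeachers;

    /// Amount each teacher may withdraw; credited instead of pushed.
    mapping(address => uint256) public teacherBalances;

    modifier onlyPrincipal() {
        require(msg.sender == principal, "not principal");
        _;
    }

    constructor(IERC20 _usdc, address[] memory teachers) {
        usdc = _usdc;
        principal = msg.sender;
        listOfTeachers = teachers;
    }

    /// Instead of calling safeTransfer in a loop (where one blacklisted teacher
    /// reverts everything), only record what each teacher is owed. The loop
    /// touches storage only, so no external call can make it revert and the
    /// upgrade that follows is no longer held hostage by a single recipient.
    function graduateAndUpgrade(uint256 payPerTeacher) external onlyPrincipal {
        uint256 totalTeachers = listOfTeachers.length;
        for (uint256 n = 0; n < totalTeachers; n++) {
            teacherBalances[listOfTeachers[n]] += payPerTeacher;
        }
        // upgrade logic would follow here
    }

    /// Each teacher pulls their own payment; a failing transfer affects only that caller.
    function withdrawTeacherPayment() external {
        uint256 amount = teacherBalances[msg.sender];
        require(amount > 0, "No funds available");
        teacherBalances[msg.sender] = 0; // effects before the external interaction
        usdc.safeTransfer(msg.sender, amount);
    }
}
```

Note that the crediting loop still scales with the number of teachers, so the pull pattern removes the failed-transfer revert but not the gas growth; bounding the array size or crediting in batches addresses that part of the finding.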

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
