Submission Details
Severity:
Improper Validation in graduateAndUpgrade Payout Logic
Summary
If multiple teachers exist, the total payPerTeacher * n + principalPay might exceed bursary, especially due to rounding issues.
Vulnerability Details
If multiple teachers exist, the total payPerTeacher * n + principalPay might exceed bursary, especially due to rounding issues.
Impact.
Potential overpayment causing reverts or token loss.
Tools Used
Recommendations
Use cumulative allocation logic and ensure total payouts don’t exceed bursary.
Consider:
uint256 remaining = bursary - principalPay; uint256 payPerTeacher = remaining / totalTeachers;
Updates
Lead Judging Commences
yeahchibyke 3 months ago
Submission Judgement Published Assigned finding tags:
incorrect teacher pay calculation
`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
yeahchibyke 3 months ago
Submission Judgement Published Assigned finding tags:
incorrect teacher pay calculation
`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
Rewards breakdown
nSLOC
243This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.