Hawk High

First Flight #39
Submission Details
Impact: medium
Likelihood: medium
Invalid

Insufficient Validation in `graduateAndUpgrade` in `LevelOne.sol`

Summary

The graduateAndUpgrade function lacks proper validation of critical inputs and contract state, which may lead to failed transactions, fund loss, or improper fund distribution.

Vulnerability Details

Missing Validation on principal Address

There is no check to ensure that principal is a non-zero address. If it is unset or zero, the final transfer to the principal will fail and revert the whole function.

No Bursary Validation

The function doesn't verify that bursary has sufficient funds, which may result in incorrect payment amounts being calculated and could lead to failed transfers or zero-value payments.

```solidity
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
uint256 principalPay = (bursary * PRINCIPAL_WAGE) / PRECISION;
```

Impact

Incorrect or no payments.

Contract getting stuck in an invalid state.

Tools Used

Manual code review

Static analysis

Recommendations

Add validation on principal:

```solidity
require(principal != address(0), "Invalid principal address");
```

Validate that bursary is greater than zero:

```solidity
require(bursary > 0, "Bursary amount is zero");
```

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement