Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Overpayment to Teachers in `graduateAndUpgrade`

Summary

The contract pays each teacher the full teacher wage portion of the bursary rather than distributing it evenly among all teachers.

Vulnerability Details

The following code:

```solidity
uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
for (uint256 n = 0; n < totalTeachers; n++) {
    usdc.safeTransfer(listOfTeachers[n], payPerTeacher);
}
```

calculates the entire teacher share and then pays that amount to each teacher. If there are 3 teachers, they receive a total of 3x the intended amount.

Impact

Overpayment depletes the contract’s USDC balance and may leave insufficient funds for the principal. It can also cause the final transfer to revert due to insufficient balance.

Tools Used

Manual Review

Recommendations

Split the teacher share equally:

```solidity
uint256 totalTeacherShare = (bursary * TEACHER_WAGE) / PRECISION;
uint256 payPerTeacher = totalTeacherShare / totalTeachers;
```
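
The overpayment and the recommended split side by side, as an added example that is not code from the audited contract or from this submission. The contract name `TeacherPayModel`, its function names, and the values `TEACHER_WAGE = 35` and `PRECISION = 100` are assumptions, and the 30,000 USDC bursary is a constructed input. The fixed path also guards `totalTeachers == 0` and reports the remainder that integer division leaves unpaid.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; not the audited contract.
contract TeacherPayModel {
    uint256 public constant TEACHER_WAGE = 35; // assumed value: teachers' combined share, in percent
    uint256 public constant PRECISION = 100;   // assumed value: percentage base

    /// Total the reported loop transfers: the whole teacher share, once per teacher.
    function buggyTotalPaid(uint256 bursary, uint256 totalTeachers)
        public pure returns (uint256)
    {
        uint256 payPerTeacher = (bursary * TEACHER_WAGE) / PRECISION;
        return payPerTeacher * totalTeachers;
    }

    /// Total transferred after the recommended fix, plus the rounding
    /// remainder (dust) that stays in the contract.
    function fixedTotalPaid(uint256 bursary, uint256 totalTeachers)
        public pure returns (uint256 paid, uint256 dust)
    {
        uint256 totalTeacherShare = (bursary * TEACHER_WAGE) / PRECISION;
        // With no teachers, nothing is paid and division by zero is avoided.
        if (totalTeachers == 0) return (0, totalTeacherShare);
        uint256 payPerTeacher = totalTeacherShare / totalTeachers;
        paid = payPerTeacher * totalTeachers;
        dust = totalTeacherShare - paid;
    }

    /// Invariant a test can assert: teachers together never receive
    /// more than the teacher share of the bursary.
    function check() external pure {
        uint256 bursary = 30000e6; // constructed input: 30,000 USDC at 6 decimals
        uint256 share = (bursary * TEACHER_WAGE) / PRECISION;

        // Reported behaviour: three teachers are paid three full shares,
        // which here is more than the entire bursary.
        assert(buggyTotalPaid(bursary, 3) == 3 * share);
        assert(buggyTotalPaid(bursary, 3) > bursary);

        // Fixed behaviour: payouts plus dust account for exactly one share.
        (uint256 paid, uint256 dust) = fixedTotalPaid(bursary, 3);
        assert(paid <= share);
        assert(paid + dust == share);
    }
}
```
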

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

incorrect teacher pay calculation

`payPerTeacher` in `graduateAndUpgrade()` is incorrectly calculated.
