Hawk High

First Flight #39

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Potential constatnt Revert in graduateAndUpgrade Due to Token Transfer Failures

seashell

Summary graduateAndUpgrade may revert if any teacher's address cannot receive USDC tokens.

Vulnerability Details A single failed transfer could block the entire upgrade process. with the teacher list scaling up, the likihood increased to the point that this function is almost not useable .

Impact entire `graduateAndUpgrade` process will fail if even one transfer fails. This not only prevents the upgrade but also halts the distribution of funds to all teachers and the principal. It effectively renders the function unusable in a real-world scenario with a large teacher list, undermining the contract's core functionality.

Tools Used manual review

Recommendations

1. Implement batch payment logic with error handling to skip failed transfers and continue processing the rest.

2.Validate teacher addresses before adding them to `listOfTeachers` to ensure they can receive USDC

tokens.

Updates

Lead Judging Commences

yeahchibyke Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

yeahchibyke Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

243

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.