Hawk High

Summary

The graduateAndUpgrade function in LevelOne.sol only allocates 40% of the total bursary (35% for teachers and 5% for principal), leaving 60% of the bursary unallocated and unaccounted for.

Vulnerability Details

In the graduateAndUpgrade function:

Where:

• TEACHER_WAGE is 35 (35%)

• PRINCIPAL_WAGE is 5 (5%)

• PRECISION is 100

The function only distributes 40% of the total bursary:

• 35% is distributed among teachers

• 5% is given to the principal

• 60% remains unallocated in the contract

This means that a significant portion of the school's funds are not being utilized as intended, and there is no clear documentation or handling of the remaining 60% of the bursary.

Impact

• 60% of the school's bursary remains locked in the contract

• No clear mechanism to access or utilize the remaining funds

• Could lead to significant financial inefficiency

• May affect the school's ability to properly fund its operations

• Creates uncertainty about the intended use of the full bursary

Tools Used

• Manual code review

Recommendations

1. Document the intended use of the remaining 60% of the bursary

2. Consider implementing a mechanism to handle the remaining funds, such as:

   • Allocating it to a school reserve

   • Distributing it among students

   • Creating a mechanism for the principal to allocate it

   • Adding a function to transfer it to a specified address

3. Add clear comments explaining the current allocation and why 60% is left unallocated

4. Consider adding events to track the unallocated amount

Example implementation: