Project: One World (NFTDeFi, 15,000 USDC)
Submission Details
Severity: low
Status: Invalid

[L-01] Inconsistent dao.maxMembers Update in updateDAOMembership May Lead to Membership Discrepancies

Summary

The MembershipFactory::updateDAOMembership function allows backend administrators to update the tier configurations for a DAO. However, it only updates dao.maxMembers when the recalculated maxMembers exceeds the current value. As a result, dao.maxMembers no longer reflects the sum of the updated tier member limits when those limits are reduced, leaving a discrepancy between the total of the allowed caps in tierConfigs and the maxMembers field of the DAO's DAOConfig structure, which can lead to unintended behavior in membership management.

Vulnerability Details

In the updateDAOMembership function, the loop recalculates the total maxMembers by summing up the allowed capacities of each tierConfig. If the recalculated maxMembers is lower than the current dao.maxMembers, the function does not update the dao.maxMembers variable, as shown in the code snippet below:

// Updating the ceiling limit according to new data
if (maxMembers > dao.maxMembers) {
    dao.maxMembers = maxMembers;
}

If a configuration update reduces the total capacity, dao.maxMembers retains the previous higher value, causing a discrepancy with the sum of tierConfigs. This discrepancy may lead to unexpected behavior if other parts of the contract rely on dao.maxMembers as an accurate representation of total membership capacity.

Impact

Due to the inconsistency between the dao.maxMembers value and the actual sum of the tierConfigs capacities, the contract could:

  • Incorrectly track membership limits, leading to over-allocation of memberships beyond the intended limit.

  • Create confusion for users or external systems relying on dao.maxMembers for validation or reporting purposes.

Tools Used

Manual Review

Recommendations

To maintain consistency, update the dao.maxMembers value to match the recalculated total of tierConfigs regardless of whether it increases or decreases:

// Always update `dao.maxMembers` to the new calculated total
dao.maxMembers = maxMembers;

This ensures dao.maxMembers accurately represents the current configuration of the DAO and reduces the risk of mismatches and unintended behavior.
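The reported check and the recommended fix side by side, as an added example that is not the One World project's code: the TierConfig field `amount` (per-tier member cap) and the two variant function names are assumptions made for this illustration. A test that calls updateVulnerable with a larger and then a smaller configuration sees isConsistent() return false, while updateFixed keeps it true.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the One World project's code. The TierConfig
// field `amount` (per-tier member cap) and the two variant function names
// are assumptions made for this example.
struct TierConfig { uint256 amount; }
struct DAOConfig { uint256 maxMembers; TierConfig[] tierConfigs; }

contract MaxMembersDemo {
    DAOConfig internal dao;

    // Vulnerable variant: mirrors the reported snippet, only ratchets upward.
    function updateVulnerable(TierConfig[] calldata tierConfigs) external {
        uint256 maxMembers = _replaceTiers(tierConfigs);
        if (maxMembers > dao.maxMembers) {
            dao.maxMembers = maxMembers;
        }
    }

    // Recommended variant: always resynchronise with the new total.
    function updateFixed(TierConfig[] calldata tierConfigs) external {
        dao.maxMembers = _replaceTiers(tierConfigs);
    }

    // Replaces the stored tiers and returns the sum of their caps.
    function _replaceTiers(TierConfig[] calldata tierConfigs)
        internal
        returns (uint256 total)
    {
        delete dao.tierConfigs;
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            dao.tierConfigs.push(TierConfig(tierConfigs[i].amount));
            total += tierConfigs[i].amount;
        }
    }

    // Invariant to assert in a test: stored cap equals the sum of tier caps.
    // After updateVulnerable shrinks the tiers this returns false; after
    // updateFixed it always returns true.
    function isConsistent() external view returns (bool) {
        uint256 total;
        for (uint256 i = 0; i < dao.tierConfigs.length; i++) {
            total += dao.tierConfigs[i].amount;
        }
        return total == dao.maxMembers;
    }
}
```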

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
