The joinDAO function currently applies a fixed 20% fee on each tier purchase, regardless of the DAO type. This fee structure secures protocol revenue, but it is vulnerable in Sponsored DAOs: there, users can upgrade their tier by combining two copies of a lower-tier token. A user can therefore buy a lower-cost tier and upgrade afterwards, bypassing the fee the protocol would have collected on a direct purchase of the higher tier and depriving it of a significant portion of its revenue.
Consider a Sponsored DAO with the following tier prices:
Tier 1: 100 USD
Tier 2: 20 USD
A user could buy two copies of Tier 2 for a total of 40 USD, then upgrade to Tier 1 instead of paying the 100 USD required for a direct purchase. This results in a 60 USD savings for the user and circumvents the protocol’s fee associated with Tier 1, impacting the revenue model and tier price structure.
This issue allows users to avoid protocol fees within Sponsored DAOs, leading to potential revenue loss and undermining the intended price structure for tiered memberships.
Manual review
We suggest implementing checks to:
Compare the total amount paid for the lower tier against the cost of the tier being upgraded to.
Charge an additional fee to cover the difference up to the correct fee amount for the higher tier, or prevent the upgrade if the initial purchase value does not meet the required amount for the higher tier.
Tier Pricing Logic Enforcement: Implement minimum pricing logic to ensure that two lower-tier memberships cannot cost less than a single higher-tier membership. This will prevent users from exploiting lower-tier costs to access higher tiers at a discount.
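As an added illustration (not the audited contract's code), a hypothetical Solidity sketch of the recommended checks: a pricing invariant enforced at deployment, and an upgrade path that charges the 20% fee on the price difference so the fee collected over the whole path matches a direct purchase. Contract, function and storage names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical sketch of an upgrade path with the recommended checks.
/// Names below are assumptions, not the audited contract's API.
contract TierUpgradeGuard {
    uint256 public constant FEE_BPS = 2_000;   // the fixed 20% protocol fee
    uint256 public constant BPS_DENOM = 10_000;

    mapping(uint256 => uint256) public tierPrice;  // tierId => gross price; tier 1 is highest
    mapping(address => uint256) public memberTier; // member => current tier (0 = none)
    mapping(address => uint256) public valuePaid;  // member => gross value paid so far
    uint256 public protocolFees;

    constructor(uint256 tier1Price, uint256 tier2Price) {
        // Tier pricing enforcement: two lower-tier memberships may not cost
        // less than a single higher-tier membership (100/20 would be rejected).
        require(2 * tier2Price >= tier1Price, "pricing permits discounted upgrade");
        tierPrice[1] = tier1Price;
        tierPrice[2] = tier2Price;
    }

    /// Direct purchase: the full price is paid and the 20% fee is taken on it.
    function join(uint256 tierId) external payable {
        uint256 price = tierPrice[tierId];
        require(price > 0 && msg.value == price, "bad tier or payment");
        protocolFees += (price * FEE_BPS) / BPS_DENOM;
        memberTier[msg.sender] = tierId;
        valuePaid[msg.sender] += price;
    }

    /// Upgrade to a higher tier (lower tierId). The member must top up the
    /// difference between what they have already paid and the target price,
    /// and the fee is charged on that difference. Over the whole path the
    /// protocol therefore collects exactly the fee of a direct purchase.
    function upgrade(uint256 toTier) external payable {
        uint256 fromTier = memberTier[msg.sender];
        require(fromTier != 0 && toTier < fromTier, "not an upgrade");
        uint256 target = tierPrice[toTier];
        uint256 paid = valuePaid[msg.sender];
        uint256 shortfall = target > paid ? target - paid : 0;
        require(msg.value == shortfall, "must cover price difference");
        protocolFees += (shortfall * FEE_BPS) / BPS_DENOM;
        valuePaid[msg.sender] = paid + shortfall;
        memberTier[msg.sender] = toTier;
    }
}
```

With the report's 100/20 prices the constructor reverts; with sound prices, two Tier 2 purchases followed by an upgrade contribute fees on each purchase plus on the shortfall, which together equal 20% of the Tier 1 price.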