Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

MembershipFactory.upgradeTier does not change the amount minted in respective tiers

Summary

Every tier checks the number of people that have minted against the total amount that the tier has. When a user upgrades their tier, this count is not updated.

Vulnerability Details

In joinDAO(), amount is checked against minted.

```solidity
require(daos[daoMembershipAddress].tiers[tierIndex].amount > daos[daoMembershipAddress].tiers[tierIndex].minted, "Tier full."); // <-- amount checked against minted
uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;
uint256 platformFees = (20 * tierPrice) / 100;
daos[daoMembershipAddress].tiers[tierIndex].minted += 1; // <-- minted incremented
```

minted is then increased by 1, indicating that 1 person has minted an NFT and has joined the tier.

In upgradeTier(), these amounts are not updated:

```solidity
function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
    require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
    require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
    IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
    IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
    emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}
```

When a person moves up a tier, they have to burn 2 NFTs at the higher index in exchange for 1 NFT at the lower index. The amount for the higher index should decrease by 2 and the amount for the lower index should increase by 1.

Impact

The amount-versus-minted check in joinDAO() will not be accurate.

Tools Used

Manual Review

Recommendations

Recommend updating the amount and minted when calling upgradeTier().
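
A Python model of the bookkeeping described in this submission, added here as an example (it is not the project's Solidity or the submitter's code). It mirrors the joinDAO() check and the burn/mint in upgradeTier(); the class, the tier caps, the user names and the `track_upgrades` switch (one reading of the recommendation, adjusting `minted`) are assumptions.

```python
# Added model: a Python stand-in for the counters on this page, not project code.
from collections import defaultdict


class TierModel:
    """Tracks `minted` (the counter joinDAO checks) beside real token supply."""

    def __init__(self, amounts, track_upgrades=False):
        self.amount = list(amounts)            # per-tier cap (tiers[i].amount)
        self.minted = [0] * len(amounts)       # per-tier counter (tiers[i].minted)
        self.balance = defaultdict(int)        # (user, tier) -> tokens held
        self.track_upgrades = track_upgrades   # True = assumed reading of the fix

    def supply(self, tier):
        return sum(n for (_, t), n in self.balance.items() if t == tier)

    def join_dao(self, user, tier):
        if not self.amount[tier] > self.minted[tier]:
            raise ValueError("Tier full.")
        self.minted[tier] += 1
        self.balance[(user, tier)] += 1

    def upgrade_tier(self, user, from_tier):
        if from_tier == 0:                         # fromTierIndex - 1 would underflow
            raise ValueError("no tier above index 0")
        if self.balance[(user, from_tier)] < 2:    # assumed: burn fails on low balance
            raise ValueError("burn amount exceeds balance")
        self.balance[(user, from_tier)] -= 2       # burn(user, fromTierIndex, 2)
        self.balance[(user, from_tier - 1)] += 1   # mint(user, fromTierIndex - 1, 1)
        if self.track_upgrades:
            self.minted[from_tier] -= 2
            self.minted[from_tier - 1] += 1

    def drift(self):
        """Per-tier minted minus actual supply; all zeros means consistent."""
        return [self.minted[t] - self.supply(t) for t in range(len(self.amount))]


def scenario(track_upgrades):
    m = TierModel(amounts=[1, 2], track_upgrades=track_upgrades)  # constructed caps
    m.join_dao("alice", 1)
    m.join_dao("alice", 1)
    m.upgrade_tier("alice", 1)
    try:
        m.join_dao("bob", 0)       # tier 0 already holds alice's upgraded token
        bob_joined = True
    except ValueError:
        bob_joined = False
    return m.drift(), bob_joined, m.supply(0), m.amount[0]
```

With the counters left untouched, tier 0 ends up holding 2 tokens against a cap of 1 while tier 1 still counts as full with no tokens outstanding; with them updated, `drift()` stays at zero and the second join is rejected.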

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
