Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: high
Invalid

Proxy Initialization in createNewDAOMembership

Summary

The createNewDAOMembership function in the MembershipFactory.sol contract contains an issue with the proxy initialization. If the initialize function in the proxy implementation (MembershipERC1155) is either missing or incorrectly defined, the proxy contract will fail to initialize, causing DAO creation to break.


Finding Description

In the createNewDAOMembership function, the contract creates a new TransparentUpgradeableProxy to deploy a DAO membership ERC1155 contract. The proxy constructor is passed the following initialization call data:

abi.encodeWithSignature("initialize(string,string,string,address,address)", daoConfig.ensname, "OWP", baseURI, _msgSender(), daoConfig.currency)

If the initialize function is missing or incorrectly implemented in the MembershipERC1155 contract, the proxy deployment will fail, and the DAO creation will not be successful. This breaks the security guarantee of DAO creation and prevents the intended functionality of the contract.

This bug doesn't automatically trigger but can be exploited if the initialize function is not implemented or is faulty in the MembershipERC1155 contract. Malicious actors could potentially manipulate this function to create proxies that do not initialize properly, leading to the failure of DAO creation and a lack of governance functionality.


Vulnerability Details

The vulnerability stems from a missing or incorrectly implemented initialize function in the implementation contract behind the proxy (MembershipERC1155). If the initialize function is not available or doesn't match the expected signature, the proxy will fail during its initialization, resulting in a non-functional contract.

The specific issues that could arise include:

  • The failure to set the correct state in the proxy, such as the ENS name, base URI, and currency.

  • The potential for DAO creation to silently fail, with no indication that the DAO contract has not been properly initialized.

  • Lack of proper checks for the success of the initialization function call.


Impact

The impact of this bug is high, as it prevents the successful creation and initialization of a DAO membership contract. This means:

  • Users cannot join or interact with the DAO since the proxy is not initialized.

  • Any governance mechanism relying on the proxy contract is rendered non-functional.

  • The contract's fundamental purpose — to create and manage DAOs — is broken, leading to significant disruptions in its usage.

This directly undermines the contract’s intended functionality, and a failure to initialize the proxy means that DAO governance and membership management cannot occur.


Proof of Concept

  1. Deploy the contract with a MembershipERC1155 implementation that lacks the initialize function.

  2. Call the createNewDAOMembership function with valid parameters.

  3. The function will execute without errors, but the proxy contract created will not be initialized correctly, causing it to be non-functional.

  4. Any further interactions with the DAO (e.g., joining a tier or upgrading) will fail due to the uninitialized proxy.


Recommendations

To fix this issue, ensure that the MembershipERC1155 contract includes a properly defined initialize function that matches the expected signature and is called during the proxy initialization.

Here is an example of the corrected initialize function in MembershipERC1155:

    // In MembershipERC1155.sol (or relevant implementation contract)
    function initialize(
        string memory ensName,
        string memory symbol,
        string memory baseURI,
        address admin,
        address currency
    ) public initializer {
        require(bytes(ensName).length > 0, "Invalid ENS name");
        require(bytes(symbol).length > 0, "Invalid symbol");
        require(bytes(baseURI).length > 0, "Invalid base URI");
        require(admin != address(0), "Invalid admin address");
        // Initialize the contract state variables
        _ensName = ensName;
        _symbol = symbol;
        _baseURI = baseURI;
        _admin = admin;
        _currency = currency;
        // Additional initialization logic as needed
    }

This initialize function ensures that the proxy contract is properly set up with the required parameters (ensName, symbol, baseURI, admin, and currency).

Additionally, ensure that the proxy implementation (MembershipERC1155) includes the initializer modifier to prevent re-initialization:

    import "@openzeppelin/contracts/proxy/utils/Initializable.sol";

    contract MembershipERC1155 is Initializable {
        // Contract code here...
    }

By adding these changes, the proxy contract will initialize correctly, and the DAO creation will function as intended.
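The Foundry test below is an added example, not code from the submission or from the One World repository; it checks the two cases this report discusses. It relies on the fact that OpenZeppelin's TransparentUpgradeableProxy delegatecalls non-empty init data from its constructor and reverts the deployment when that call fails. GoodImpl, NoInitImpl, the addresses and the string values are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {Initializable} from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
import {TransparentUpgradeableProxy} from "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";

// Hypothetical stand-in for MembershipERC1155; only the initializer is modelled.
contract GoodImpl is Initializable {
    string public ensName;
    address public admin;

    function initialize(string memory ens, string memory, string memory, address admin_, address)
        external initializer
    {
        ensName = ens;
        admin = admin_;
    }
}

// Hypothetical implementation with no initialize function and no fallback.
contract NoInitImpl {}

contract ProxyInitTest is Test {
    address constant PROXY_ADMIN = address(0xA11CE); // constructed test values
    address constant CREATOR = address(0xB0B);

    // Same signature string the factory passes to the proxy constructor.
    function _initData() internal pure returns (bytes memory) {
        return abi.encodeWithSignature(
            "initialize(string,string,string,address,address)",
            "example.eth", "OWP", "https://example.invalid/", CREATOR, address(0xC0FFEE)
        );
    }

    function test_missingInitializeRevertsDeployment() public {
        address impl = address(new NoInitImpl());
        vm.expectRevert(); // the constructor's delegatecall fails, so no proxy is created
        new TransparentUpgradeableProxy(impl, PROXY_ADMIN, _initData());
    }

    function test_initializedOnceThroughProxy() public {
        address impl = address(new GoodImpl());
        GoodImpl dao = GoodImpl(address(new TransparentUpgradeableProxy(impl, PROXY_ADMIN, _initData())));
        assertEq(dao.admin(), CREATOR);
        assertEq(dao.ensName(), "example.eth");
        vm.expectRevert(); // initializer modifier blocks a second call
        dao.initialize("x", "OWP", "y", address(this), address(0));
    }
}
```

Run it with forge test in a project that has forge-std and OpenZeppelin Contracts installed.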


File Location: MembershipFactory.sol

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
