Project: One World (NFTDeFi, 15,000 USDC)

Submission Details
Severity: medium
Status: Invalid

Eliminating Tiers Causes Data Mismatches, and Holders Can Keep Claiming Rewards

Summary

In updateDAOMembership, replacing the tier configuration with one that contains fewer tiers drops the eliminated tiers outright. Holders of NFTs minted under those tiers keep their tokens and can still claim rewards, and the minted counts of the removed tiers are discarded, which breaks historical membership tracking and any functionality that assumes a stable tier structure.

Vulnerability Details

When tiers are removed through updateDAOMembership, two problems arise:

  1. Access and Rewards: Users holding NFTs from a removed tier can still claim rewards and benefits even though their tier is no longer part of the configuration. The DAO's current tier structure and the benefits actually being paid out no longer match, which leads to operational inconsistencies.

  2. Data Continuity Loss: The minted counters of the removed tiers are deleted along with the tiers, leaving gaps in membership tracking and undermining the historical integrity of the DAO's membership records.

Because the factory neither tracks nor validates the tokens of eliminated tiers, holders of those tiers can keep claiming rewards while the DAO's member history becomes unreliable.

Removing tiers without retaining the minted data also produces misleading state. If a tier is removed and later reintroduced, its minted count starts again from zero even though NFTs were already issued under it. The resulting miscount can let users claim benefits or rewards they should not receive and disrupts membership verification and governance continuity.

Impact

The impact of this issue includes:

  1. Operational Inconsistency: Users with NFTs from removed tiers continue to claim rewards, causing confusion and dissatisfaction among DAO members.

  2. Financial Impact: The DAO pays out rewards to holders of NFTs from tiers that are no longer active.

  3. Exceeding Minted Limits: When tiers are eliminated and new tiers are added afterwards, the record of previously minted NFTs is lost and the minted count for the re-added tier restarts at zero. The total number of NFTs in circulation can then exceed what the current tier configuration allows.

it("Risks When Decreasing DAO Membership Tiers", async function () {
    await currencyManager.addCurrency(await testERC20.getAddress()); // assumes addCurrency exists in CurrencyManager
    // Create a new DAO whose TierConfig has 3 tiers
    await membershipFactory.createNewDAOMembership(DAOConfig, TierConfig);
    const ensToAddress = await membershipFactory.getENSAddress("testdao.eth");
    await testERC20.mint(addr1.address, 99999n);
    await testERC20.connect(addr1).approve(await membershipFactory.getAddress(), 99999n);
    // addr1 joins tier 3 (tier indices start at 0)
    await membershipFactory.connect(addr1).joinDAO(ensToAddress, 2);
    // updateDAOMembership with 2 tiers, eliminating tier 3; note that the caller supplies minted: 0
    const newTierConfig = [{ price: 150, amount: 20, minted: 0, power: 4 }, { price: 100, amount: 20, minted: 0, power: 4 }];
    await membershipFactory.updateDAOMembership("testdao.eth", newTierConfig);
    const daoMembershipContract = await ethers.getContractAt("MembershipERC1155", ensToAddress);
    // expect the DAO to have 2 tiers now
    const daoConfigAfter = await membershipFactory.daos(ensToAddress); // index 4 == noOfTiers
    expect(daoConfigAfter[4]).to.equal(2);
    // send profit to the membership contract
    const profitAmount = 100n;
    await testERC20.mint(owner.address, profitAmount);
    await testERC20.approve(await daoMembershipContract.getAddress(), profitAmount);
    await daoMembershipContract.sendProfit(profitAmount);
    // addr1, whose tier no longer exists, is still credited with the whole profit
    const userProfit = await daoMembershipContract.profitOf(addr1.address);
    expect(userProfit).to.equal(profitAmount);
    // and can claim it
    await expect(daoMembershipContract.connect(addr1).claimProfit()).not.to.be.reverted;
});
Output:
Audits\hh> npx hardhat test --grep "Risks When Decreasing DAO Membership Tiers"
MembershipFactory
POC MembershipFactory
✔ Risks When Decreasing DAO Membership Tiers
1 passing (1s)

Tools Used

  • Hardhat

Recommendations

  1. Validation Checks: Have the reward-claiming functions check that the token's tier is still part of the active configuration and reject claims for NFTs from removed tiers.

  2. Data Migration: Introduce a process that either migrates or nullifies NFTs from eliminated tiers, mapping their holders to an active tier where possible.

  3. Restrict Tier Reduction with Active Minted IDs: Make updateDAOMembership revert when the new configuration would drop a tier that already has minted tokens. This keeps membership tracking continuous and avoids the validation and reward-claiming problems for existing members.

  4. Preserve Minted Data for Removed Tiers: Keep the minted counters on-chain even when a tier is removed, and never take them from the caller's input, so that re-adding a tier cannot reset its minted count to zero and the supply cap stays enforceable.
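As an added illustration of recommendations 3 and 4, the sketch below is example code written for this report, not One World's contracts: the contract, the MAX_TIERS cap, the error names and the function names are assumptions, and the struct simply mirrors the price/amount/minted/power fields used in the PoC above. It refuses to drop a tier that has minted tokens, carries the on-chain minted counters over instead of trusting the caller's minted field, and rejects a new cap below the carried count.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical tier-config updater (example only, not the project's code).
contract TierConfigGuardExample {
    struct TierConfig {
        uint256 price;
        uint256 amount;  // max supply for the tier
        uint256 minted;  // tokens already issued in the tier
        uint256 power;
    }

    error TierHasMintedTokens(uint256 tierIndex, uint256 minted);
    error AmountBelowMinted(uint256 tierIndex, uint256 amount, uint256 minted);
    error TooManyTiers(uint256 proposed, uint256 maxTiers);

    uint256 public constant MAX_TIERS = 8; // assumed cap
    TierConfig[] public tiers;

    constructor(TierConfig[] memory initial) {
        for (uint256 i = 0; i < initial.length; i++) {
            tiers.push(initial[i]);
        }
    }

    /// Hardened update; access control is omitted for brevity.
    function updateTiers(TierConfig[] calldata proposed) external {
        if (proposed.length > MAX_TIERS) revert TooManyTiers(proposed.length, MAX_TIERS);

        // 1. Any tier that would be removed must hold no minted tokens.
        for (uint256 i = proposed.length; i < tiers.length; i++) {
            if (tiers[i].minted != 0) revert TierHasMintedTokens(i, tiers[i].minted);
        }

        // 2. Surviving tiers keep their on-chain minted counter. The caller's
        //    `minted` field is ignored, and the new cap must cover the carried count.
        for (uint256 i = 0; i < proposed.length; i++) {
            uint256 carried = i < tiers.length ? tiers[i].minted : 0;
            if (proposed[i].amount < carried) {
                revert AmountBelowMinted(i, proposed[i].amount, carried);
            }
            TierConfig memory next = TierConfig(proposed[i].price, proposed[i].amount, carried, proposed[i].power);
            if (i < tiers.length) {
                tiers[i] = next;
            } else {
                tiers.push(next);
            }
        }

        // 3. Only after the checks pass are trailing tiers dropped.
        while (tiers.length > proposed.length) {
            tiers.pop();
        }
    }

    function tierCount() external view returns (uint256) {
        return tiers.length;
    }

    /// A claim or mint path can consult this to reject tier ids outside the live config.
    function isActiveTier(uint256 tierIndex) public view returns (bool) {
        return tierIndex < tiers.length;
    }

    /// Example mint path enforcing the per-tier cap against the preserved counter.
    function mint(uint256 tierIndex) external {
        require(isActiveTier(tierIndex), "unknown tier");
        require(tiers[tierIndex].minted < tiers[tierIndex].amount, "tier sold out");
        tiers[tierIndex].minted += 1;
    }
}
```

Against this sketch, the equivalent of the PoC's sequence (mint one token in tier index 2, then submit a two-tier configuration) reverts with TierHasMintedTokens(2, 1) instead of silently orphaning the holder, and re-adding a third tier later starts from a minted count the contract, not the caller, controls.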

Updates

Lead Judging Commences

0xbrivan2 Lead Judge
10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
