Incorrect event emit name in the `MembershipFactor::upgradeTier` function
Summary
The MembershipFactory::upgradeTier function in the DAO contract allows users to upgrade their membership tier within a sponsored DAO. However, there is an inconsistency in the emitted event name, UserJoinedDAO, which does not accurately reflect the function’s purpose of upgrading a user’s tier. This misnaming may lead to confusion when reviewing logs and event data.
Vulnerability Details
The event UserJoinedDAO is emitted during the upgradeTier function, which is misleading. The function does not pertain to a user "joining" the DAO but rather upgrading their tier. This discrepancy could lead to confusion, especially for developers and users relying on event logs for actions in the DAO. The event name does not align with the business logic of the function, which is a tier upgrade.
Impact
The incorrect event name can cause confusion for other smart contract functions or external systems relying on event logs to understand the user’s actions.
It may mislead users or DAO administrators reviewing the on-chain history, especially if they rely on event names to monitor user activity. While this does not directly compromise security, it can complicate incident response and system monitoring efforts.
Tools Used
Manual Review
Recommendations
Change the event name to UserUpgradedTier to accurately reflect the function's purpose.
Update Event event definition.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.