Summary
Function upgradeTier allows users to upgrade their tier within a sponsored DAO; however, the function emits UserJoinedDAO.
Vulnerability Details
Using UserJoinedDAO here is incorrect and can cause confusion, because the function updates the tier of a user who already belongs to the DAO; it does not handle joining the DAO.
function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
    require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
    require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
    IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
    IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
    emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}
Impact
Using UserJoinedDAO can be misleading for users and for off-chain consumers of the event log.
Users may think the action is for joining instead of upgrading, leading to misunderstandings in user interfaces.
Developers might misinterpret the event's purpose, for example by treating every UserJoinedDAO log as a new member.
Tools Used
Manual Review
Recommendations
Rename the event to something more descriptive, such as UserUpgradedTier, which would make it clearer and more consistent with the function's purpose.
Change the event name from UserJoinedDAO to UserUpgradedTier:
function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
    require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
    require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
    IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
    IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
    emit UserUpgradedTier(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}
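To show the impact described above on an off-chain consumer, the following added example (not part of this report or the project's code) simulates a naive indexer that counts DAO members from decoded event logs. The addresses, the log records and the indexer itself are constructed for illustration; the only thing taken from the contract is the event names and the (user, dao, tierIndex) payload.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Log:
    """Constructed stand-in for a decoded event log: name plus the three arguments
    the contract emits (user, DAO membership address, tier index)."""
    event: str
    user: str
    dao: str
    tier: int


DAO = "0xDAO_PLACEHOLDER"      # constructed placeholder address
ALICE = "0xALICE_PLACEHOLDER"  # constructed placeholder address


def emit_join(user: str, dao: str, tier: int) -> Log:
    # A genuine join emits UserJoinedDAO with the tier the user entered at.
    return Log("UserJoinedDAO", user, dao, tier)


def emit_upgrade(user: str, dao: str, from_tier: int, event_name: str) -> Log:
    # upgradeTier burns 2 tokens of from_tier, mints 1 of from_tier - 1 and emits
    # `event_name` with the new tier index; the name is the only thing the fix changes.
    return Log(event_name, user, dao, from_tier - 1)


def index_members(logs: list[Log]) -> tuple[Counter, dict]:
    """Naive indexer keyed purely on event name: every UserJoinedDAO is counted as a
    new member, while UserUpgradedTier only updates the stored tier."""
    joins: Counter = Counter()
    tier_of: dict = {}
    for log in logs:
        if log.event == "UserJoinedDAO":
            joins[log.dao] += 1
            tier_of[(log.dao, log.user)] = log.tier
        elif log.event == "UserUpgradedTier":
            tier_of[(log.dao, log.user)] = log.tier
    return joins, tier_of


def scenario(upgrade_event_name: str) -> tuple[int, int]:
    """One user joins at tier 3 and then upgrades from tier 3 to tier 2.
    Returns (member count seen by the indexer, tier recorded for the user)."""
    logs = [emit_join(ALICE, DAO, 3), emit_upgrade(ALICE, DAO, 3, upgrade_event_name)]
    joins, tier_of = index_members(logs)
    return joins[DAO], tier_of[(DAO, ALICE)]
```

With the current contract, `scenario("UserJoinedDAO")` reports two members for a DAO that has one; with the recommended event name the same indexer reports one member at tier 2.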