Project

One World

NFTDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

joinDAO will transfer dust fee amount to platform and daoMembership

danzero

Summary

When joining a DAO, tier price is not scaled to currency decimal used by the DAO membership which can allow a DAO to be joined for almost free.

Vulnerability Details

ThejoinDAO function in MembershipFactory.sol does not scale the fee amount that will be transferred by the new member to the currency used in the DAO membership. Below is a snippet of the joinDAOfunction:

function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {

require(daos[daoMembershipAddress].noOfTiers > tierIndex, "Invalid tier.");

require(daos[daoMembershipAddress].tiers[tierIndex].amount > daos[daoMembershipAddress].tiers[tierIndex].minted, "Tier full.");

uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;

uint256 platformFees = (20 * tierPrice) / 100;

daos[daoMembershipAddress].tiers[tierIndex].minted += 1;

IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), owpWallet, platformFees);

IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), daoMembershipAddress, tierPrice - platformFees);

IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), tierIndex, 1);

emit UserJoinedDAO(_msgSender(), daoMembershipAddress, tierIndex);

}

As seen above, there tier price is taken directly from the stored value without any scaling to the currency used by the DAO membership.

It is reasonable to assume that DAO creator will not think of the currency decimal used in the DAO. So for example, if they want a tier price to be 10 USDC, then the price will be inputted as 10 by the DAO creator.

However most of ERC20 tokens by default is 18 decimals, and some tokens with smaller decimal that will be used as currency in this protocol is USDC,USDT which are 6 decimals.

So, if a DAO membership used USDC as the currency and the price of tier 0 is 10, new member will only require0.00001 in USDC to join the DAO.

Impact

DAO membership can be joined for almost free
Loss of fee for platform
Loss of fee for DAO membership

Tools Used

Manual review

Recommendations

Scale the tier price according to the currency decimal used by the DAO membership:

uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price * IERC20(daos[daoMembershipAddress].currency).decimals();

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

danzero Submitter

10 months ago

0xbrivan2 Lead Judge

10 months ago

danzero Submitter

10 months ago

0xbrivan2 Lead Judge

10 months ago

danzero Submitter

10 months ago

0xbrivan2 Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

541

28 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.