Project: One World (NFTDeFi)
Prize pool: 15,000 USDC

Submission Details
Severity: medium
Status: Invalid

Missing Validation in updateDAOMembership Allows Inconsistent Tier Configurations

Summary

The updateDAOMembership function does not validate that the new amount value in each TierConfig is at least the existing minted count for that tier. A tier can therefore be reconfigured so that the number of already minted memberships exceeds the new tier cap, which makes the tier appear full or over capacity, blocks new members from joining it, and leaves the DAO's tier structure in an inconsistent state.

Vulnerability Details

Location in Code:

```solidity
function updateDAOMembership(string calldata ensName, TierConfig[] memory tierConfigs)
    external
    onlyRole(EXTERNAL_CALLER)
    returns (address)
{
    // ...

    // Missing validation for amount vs. minted
    for (uint256 i = 0; i < tierConfigs.length; i++) {
        if (i < dao.tiers.length) {
            tierConfigs[i].minted = dao.tiers[i].minted;
        }
    }

    // ...
}
```

Issue Explanation:

  • No Check on amount vs. minted: The function does not verify that tierConfigs[i].amount >= tierConfigs[i].minted, allowing amount to be set lower than the number of already minted tokens.

  • Membership Disruption: If amount is less than minted, the tier appears full or over-capacity, preventing new users from joining even if the intent was to allow more members.

Impact

  • Legitimate users may be unable to join tiers due to incorrect configurations, harming the DAO's growth.

  • DAO administrators may find it difficult to manage memberships and tiers effectively.

  • The DAO could suffer reputational harm if users perceive it as mismanaged or unreliable.

Tools Used

  • Manual Code Review: Examined the updateDAOMembership function for missing validations.

  • Testing Frameworks: Created test cases where amount is set below minted to observe the effects.

  • Static Analysis Tools: Utilized tools to detect logical inconsistencies in state variable assignments.

Recommendations

  • Add Validation Check: after the existing minted count has been carried over, require that the new amount is not below it.

```solidity
for (uint256 i = 0; i < tierConfigs.length; i++) {
    if (i < dao.tiers.length) {
        tierConfigs[i].minted = dao.tiers[i].minted;
    }
    require(
        tierConfigs[i].amount >= tierConfigs[i].minted,
        "New amount cannot be less than already minted tokens."
    );
}
```
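The following stand-alone contract was written for this write-up to show the pattern from the Vulnerability Details section next to the hardened loop from the Recommendations; it is example code, not the One World code base. Only the names TierConfig, amount and minted are taken from the finding. The contract name, the storage layout, the join() and remaining() helpers, the constructor state and the omission of the onlyRole(EXTERNAL_CALLER) access control are all assumptions made to keep the reproduction short.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Stand-alone reproduction written for this write-up; it is not the One World
/// code base. Only the names TierConfig, amount and minted come from the finding;
/// the contract name, join(), remaining(), _store() and the constructor state are
/// assumed. Access control (onlyRole in the original) is omitted on purpose.
contract TierCapDemo {
    struct TierConfig {
        uint256 amount; // maximum memberships the tier may issue
        uint256 minted; // memberships already issued
    }

    TierConfig[] public tiers;

    constructor() {
        // Constructed sample state: one tier with a cap of 5 and 3 already minted.
        tiers.push(TierConfig({amount: 5, minted: 3}));
    }

    /// Same pattern as the reported function: minted is carried over from storage
    /// but the caller-supplied amount is stored unchecked, so amount may end up
    /// below minted (e.g. amount = 2 while minted = 3).
    function updateTiersUnchecked(TierConfig[] memory tierConfigs) external {
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            if (i < tiers.length) {
                tierConfigs[i].minted = tiers[i].minted;
            }
        }
        _store(tierConfigs);
    }

    /// Hardened variant: after restoring minted, reject any cap that is already
    /// exceeded, so the invariant minted <= amount holds for every stored tier.
    function updateTiersChecked(TierConfig[] memory tierConfigs) external {
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            if (i < tiers.length) {
                tierConfigs[i].minted = tiers[i].minted;
            }
            require(
                tierConfigs[i].amount >= tierConfigs[i].minted,
                "New amount cannot be less than already minted tokens."
            );
        }
        _store(tierConfigs);
    }

    /// Joining a tier. Once amount < minted this check fails for every caller,
    /// which is the "tier appears full or over-capacity" state from the finding.
    function join(uint256 tierId) external {
        TierConfig storage t = tiers[tierId];
        require(t.minted < t.amount, "tier full");
        t.minted += 1;
    }

    /// Free slots. With amount < minted the subtraction reverts under 0.8 checked
    /// arithmetic, so anything reading this view breaks as well.
    function remaining(uint256 tierId) external view returns (uint256) {
        TierConfig storage t = tiers[tierId];
        return t.amount - t.minted;
    }

    /// Assumed storage helper: replace the whole tier list with the new configs.
    function _store(TierConfig[] memory tierConfigs) internal {
        delete tiers;
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            tiers.push(tierConfigs[i]);
        }
    }
}
```

To reproduce in a Foundry or Hardhat test: deploy, call updateTiersUnchecked with a single config whose amount is 2, then observe that join(0) reverts with "tier full" and remaining(0) reverts with an arithmetic panic, because the stored tier is now {amount: 2, minted: 3}. Sending the same config through updateTiersChecked instead reverts at the require before anything is written, which is the behaviour the recommendation above is meant to introduce.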

Updates

Lead Judging Commences
0xbrivan2 (Lead Judge), about 1 year ago

Submission Judgement Published
Invalidated
Reason: Incorrect statement
