Description

In cases where the updateDAOMembership function is used to modify public or private DAO tier configurations by reducing the number of tiers, minted tokens from lower tiers may become effectively valueless. For Public and Private DAOs, the absence of a tier update mechanism or compensation model results in holders of deprecated or eliminated lower-tier tokens experiencing a loss in both token utility and economic value. This is especially critical as users have initially purchased these tokens with an expectation of access, power and participation in DAO profits. The lack of continuity in the value and utility of these tokens could lead to user dissatisfaction and mistrust in the DAO’s governance.

Impact

• Token holders in deprecated tiers may face a loss in their initial investment, as tokens minted in these lower tiers lose utility, power, and participation in DAO rewards and profits.

• The inability to uphold token value and utility for holders could damage the DAO’s reputation, as members lose confidence in its ability to maintain equitable and transparent governance.

• Members may perceive that the DAO is altering tier structures without adequate measures to protect their investments, which could lead to user attrition and reluctance from new members considering participation.

Tools Used

Manual code review and scenario analysis to identify potential impacts of updateDAOMembership on token value and utility

Potential Scenario

1. A DAO initially has 7 tiers, with each tier offering a specific level of power and profit share, allowing users to mint tokens across all levels in exchange for specific tier benefits. Over time, the DAO decides to streamline its structure by reducing the number of active tiers, deprecating some of the lower levels

2. Users who previously minted tokens in the now-deprecated lower tiers find themselves at a disadvantage. With the tier update, these tokens may no longer hold utility, reducing their weight in the DAO’s governance processes. Consequently, users who invested in these tokens lose access to the benefits or influence they initially paid for.

3. Without a compensation mechanism, users who hold these devalued tokens face a loss on their initial investment, potentially leading to frustration and loss of trust in the DAO. This scenario poses a risk to the DAO’s as well as the protocol's reputation as it may appear to have disregarded the interests of its members, impacting user retention and community support

Proof of Concept

• Install foundry in the project by running the following commands:

  1. Initialize git if not initialized:

  git init

  1. Install foundry:

  npm i --save-dev @nomicfoundation/hardhat-foundry --force

  1. add to hardhat.config.ts:

  require("@nomicfoundation/hardhat-foundry");

  1. Create foundry.toml

  npx hardhat init-foundry

• Now create a new file in the test folder:

  test/DaoTierDeprecation.t.sol

• Add these lines to the file:

Run the test:

Recommended Mitigation

1. Introduce a migration function to enable users holding tokens in deprecated tiers to exchange their tokens for equivalent value in existing or restructured tiers. This can be done by burning tokens in deprecated tiers and issuing new tokens in active tiers, preserving the initial value users invested. Ensure that the migration function maintains accurate balances and respects token power and profit attributes, thereby securing user investment in a fair manner.

2. Before deprecating any tier, consider marking it as deprecated and giving users a grace period during which they can redeem or migrate their tokens to other tiers. This ensures a smoother transition for users while preserving their investments.

3. For users unable or unwilling to migrate, consider establishing an equivalent utility in the DAO for deprecated tokens. This could include offering alternative benefits or converting old tokens into a different utility token within the DAO, thereby retaining some value and utility.