Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

The project does not account for the cost basis of each tier, potentially leading to unfairness for users

Summary

The codebase does not account for the actual cost paid for tokens when calculating profit distribution; it only considers the number of tokens and their weight. As a result, two different users may receive equal shares of the profit despite having paid different amounts at mint time.

Vulnerability Details

The tier price is set through the daoConfig params by the DAO creators when a new DAOMembership is created. Because there is no pricing mechanism or check on tier price in the JoinDao() and upgradeTier() methods, different users can end up with equal shares and the same number of tier tokens while having paid different amounts. Consider the following example:

Let's say:

Tier 4 price for minting one token: 3

Tier 5 price for minting one token: 1

  • Bob’s Initial Holdings: 4 tokens at Tier 5 (weight = 2 per token), total weight contribution to totalSupply: 4x2=8. TotalPaid: 4x1=4

  • Alice’s Initial Holdings: 2 tokens at Tier 4 (weight = 4 per token), total weight contribution to totalSupply: 2x4=8. TotalPaid: 2x3=6

Total Supply = 8 (Bob) + 8 (Alice) = 16.

Bob upgrades his tokens, his Tier 5 tokens are burned and he receives 2 tokens from Tier 4 instead. At this point his total contribution to the supply in terms of weight stays the same because the calculation depends on the number of tokens and their assigned weight.

New Holdings:

  • Bob: 2 tokens at Tier 4 (weight = 4 per token), total weight contribution = 8.

  • Alice: 2 tokens at Tier 4 (weight = 4 per token), total weight contribution = 8.

This means that if a profit of 50 tokens is sent through the sendProfit() method, Bob and Alice will receive the same profit (25 tokens each). The issue here is that both Bob and Alice end up with 2 tokens of Tier 4 before claiming their profit. However, Alice paid a higher price (totalPaid: 6) for her Tier 4 tokens than Bob did (totalPaid: 4), which raises fairness concerns.

Impact

The potential price discrepancy between tiers may lead to advantages/disadvantages for users. Users who are aware of this will game the system.

Tools Used

Manual Review

Recommendations

Implement a price mechanism based on consistent contribution to totalSupply. For example, if Bob and Alice both want to contribute 8 (weight * number of tokens) to the totalSupply, they would pay the same amount, regardless of the tier. This ensures that all users with the same contribution to totalSupply will have paid the same amount, maintaining fairness in profit distribution.
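The arithmetic of the report's example and the price-per-weight check its recommendation implies, as an added Python model; this is not the One World contract code. All function names are hypothetical, the tier table is constructed from the report's numbers, and the upgrade is assumed to be a free, weight-preserving burn-and-mint as in the Bob example.

```python
from fractions import Fraction

# Constructed tier table from the report's example: tier -> (mint price, weight).
TIERS = {4: (3, 4), 5: (1, 2)}

def weight_of(holdings, tiers=TIERS):
    """Total weight of a {tier: token_count} mapping."""
    return sum(n * tiers[t][1] for t, n in holdings.items())

def upgrade(holdings, src, dst, tiers=TIERS):
    """Assumed upgrade model: burn all src tokens, mint dst tokens of equal weight."""
    moved = holdings[src] * tiers[src][1]
    if moved % tiers[dst][1]:
        raise ValueError("weight does not convert to a whole number of tokens")
    out = {t: n for t, n in holdings.items() if t != src}
    out[dst] = out.get(dst, 0) + moved // tiers[dst][1]
    return out

def split_profit(amount, users, tiers=TIERS):
    """Pro-rata split by weight only, which is what the report describes."""
    total = sum(weight_of(h, tiers) for h in users.values())
    return {u: Fraction(amount * weight_of(h, tiers), total)
            for u, h in users.items()}

def inconsistent_tiers(tiers=TIERS):
    """Tiers whose price per unit of weight exceeds the cheapest tier's rate."""
    rate = {t: Fraction(p, w) for t, (p, w) in tiers.items()}
    floor = min(rate.values())
    return {t: r for t, r in rate.items() if r != floor}

def scenario():
    """Bob mints 4 Tier 5 tokens and upgrades; Alice mints 2 Tier 4 tokens."""
    paid = {"bob": 4 * TIERS[5][0], "alice": 2 * TIERS[4][0]}
    users = {"bob": upgrade({5: 4}, 5, 4), "alice": {4: 2}}
    return paid, users, split_profit(50, users)

if __name__ == "__main__":
    paid, users, profit = scenario()
    for name in users:
        print(name, "paid", paid[name], "holds", users[name],
              "receives", profit[name])
    print("tiers priced above the cheapest rate:", inconsistent_tiers())
```

A tier table priced as the recommendation suggests, for example Tier 4 at 2 and Tier 5 at 1, makes `inconsistent_tiers` return an empty mapping.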

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

bhunter Submitter
7 months ago
0xbrivan2 Lead Judge
7 months ago
0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
