Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Front-Running Vulnerability in DAO Creation Allows DoS and Unauthorized “Snatch Registration”

Summary

The lack of protection against front-running in createNewDAOMembership allows attackers to block legitimate DAO creation by registering the same ensName, resulting in DoS and “snatch registration.”

Vulnerability Details

In the createNewDAOMembership function, the DAOInputConfig is passed as an argument, containing the configuration details for the DAO:

function createNewDAOMembership(DAOInputConfig calldata daoConfig, TierConfig[] calldata tierConfigs) {
    ...
}

Inside the function, a require statement checks that getENSAddress[daoConfig.ensname] is still address(0), meaning no DAO has been registered under that name yet:

require(getENSAddress[daoConfig.ensname] == address(0), "DAO already exist.");

However, this check leaves the function vulnerable to front-running, because the name is claimed by whichever transaction executes first. An attacker could monitor the network, observe the pending transaction, and then front-run it by registering the same ensName just before the original transaction executes. The original createNewDAOMembership transaction then fails the check above and reverts with "DAO already exist.", resulting in a Denial of Service (DoS) for legitimate DAO creation.

Additionally, this behavior allows for “snatch registration,” where an unauthorized party preemptively registers a desired ensName before the legitimate creator, undermining the integrity of the DAO registration process.

Impact

This vulnerability exposes the system to a DoS attack where legitimate DAO creation transactions can be blocked by front-runners who preemptively register identical ensNames. It also enables unauthorized entities to “snatch register” legitimate DAO names, disrupting intended usage and potentially harming the platform’s functionality.

Tools Used

Manual

Recommendations

To mitigate this vulnerability, consider revising the design:

  1. Allow duplicate ensNames to prevent blocking legitimate creations.

  2. Restrict the createNewDAOMembership function to be callable only by the FrontEnd Account.
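
The following is an added illustration, not code from the One World contracts or from this submission: a small Python model of the name check under transaction ordering, run once as the report describes it and once with recommendation 2 applied. The Factory class, the fee-based ordering, the account names and the sample name "example-dao" are assumptions made for the model.

```python
from dataclasses import dataclass, field
from typing import Optional

ZERO = "0x0"  # stands in for address(0)

@dataclass
class Tx:
    sender: str
    ens_name: str
    fee: int  # assumption: higher fee executes first in this model

@dataclass
class Factory:
    # None: anyone may call (behaviour described in the report).
    # A value: only that account may call (recommendation 2).
    authorized_caller: Optional[str] = None
    get_ens_address: dict = field(default_factory=dict)

    def create_new_dao_membership(self, tx: Tx) -> str:
        if self.authorized_caller is not None and tx.sender != self.authorized_caller:
            raise PermissionError("caller not authorized")
        # Mirrors the require on getENSAddress[daoConfig.ensname]
        if self.get_ens_address.get(tx.ens_name, ZERO) != ZERO:
            raise ValueError("DAO already exist.")
        addr = f"dao-{len(self.get_ens_address) + 1}"
        self.get_ens_address[tx.ens_name] = addr
        return addr

def run_block(factory: Factory, pending: list) -> dict:
    """Execute pending transactions in fee order; map sender -> outcome."""
    results = {}
    for tx in sorted(pending, key=lambda t: t.fee, reverse=True):
        try:
            results[tx.sender] = factory.create_new_dao_membership(tx)
        except (ValueError, PermissionError) as exc:
            results[tx.sender] = f"revert: {exc}"
    return results

def demo():
    # Constructed sample: two pending requests for the same name.
    open_case = run_block(Factory(), [
        Tx("creator", "example-dao", fee=10),
        Tx("other", "example-dao", fee=50),
    ])
    # Recommendation 2: the creator's request is relayed by the one allowed account.
    restricted_case = run_block(Factory(authorized_caller="frontend"), [
        Tx("frontend", "example-dao", fee=10),
        Tx("other", "example-dao", fee=50),
    ])
    return open_case, restricted_case
```

In the open case the earlier-ordered transaction takes the name and the creator's transaction reverts on the existence check; in the restricted case the competing transaction is rejected at the caller check and the relayed request succeeds.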

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
