The joinDAO function lacks protection against DAO price changes that can occur just before it executes, potentially forcing users to pay more than intended.
In the joinDAO function, the cost for a user to join a selected DAO is determined by the following line:
However, this tierPrice can be modified (whether intentionally or unintentionally) through the updateDAOMembership function, potentially leading to unexpected charges for users.
Consider this scenario:
The initial tierPrice to join a DAO at a specific tier is set to 50 TOKEN.
The user, Bob, finds this price acceptable and approves a 100 TOKEN allowance to the MembershipFactory, planning to mint an NFT twice or for other reasons.
While Bob's transaction to joinDAO is submitted, an updateDAOMembership transaction that increases the price to 80 TOKEN is already in the mempool and is executed in advance.
As a result, Bob's transaction ends up costing him 80 TOKEN instead of 50 TOKEN, leading to an unexpected loss, since he would not have accepted the higher price in the first place.
This lack of price locking can result in users unintentionally paying more than they expected.
The vulnerability results in users paying higher fees than anticipated, causing unintended and unexpected financial losses.
Manual
Add a price or maxPrice parameter to the joinDAO function to verify that the actual price is within the user's acceptable range before finalizing the transaction.
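As an added illustration (not the audited project's code), a sketch of the vulnerable joinDAO beside the recommended maxPrice variant; the contract layout, daoId/tier indexing, the minimal IERC20 interface and the _mintMembership stand-in are assumptions:

```solidity
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed here (assumed; not the project's interface).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Illustrative sketch of the MembershipFactory pattern described in the finding.
// Storage layout, DAO/tier identifiers and the NFT mint are simplified assumptions.
contract MembershipFactorySketch {
    IERC20 public immutable token;
    address public owner;
    // daoId => tier => price in TOKEN units
    mapping(uint256 => mapping(uint256 => uint256)) public tierPrice;
    // member => daoId => tier joined (stand-in for the membership NFT)
    mapping(address => mapping(uint256 => uint256)) public membershipTier;

    event MembershipMinted(address indexed member, uint256 indexed daoId, uint256 tier);
    error PriceAboveLimit(uint256 actual, uint256 maxPrice);

    constructor(IERC20 _token) { token = _token; owner = msg.sender; }

    // Privileged update; it can be mined just before a user's pending joinDAO.
    function updateDAOMembership(uint256 daoId, uint256 tier, uint256 newPrice) external {
        require(msg.sender == owner, "not owner");
        tierPrice[daoId][tier] = newPrice;
    }

    // Vulnerable form: whatever tierPrice is at execution time gets charged,
    // limited only by the allowance the user granted (Bob's 100 TOKEN).
    function joinDAOUnsafe(uint256 daoId, uint256 tier) external {
        uint256 price = tierPrice[daoId][tier];
        require(token.transferFrom(msg.sender, address(this), price), "transfer failed");
        _mintMembership(msg.sender, daoId, tier);
    }

    // Hardened form: the caller states the highest price they accept. If
    // updateDAOMembership raised it meanwhile (Bob's 50 -> 80 TOKEN case),
    // the call reverts instead of silently charging more.
    function joinDAO(uint256 daoId, uint256 tier, uint256 maxPrice) external {
        uint256 price = tierPrice[daoId][tier];
        if (price > maxPrice) revert PriceAboveLimit(price, maxPrice);
        require(token.transferFrom(msg.sender, address(this), price), "transfer failed");
        _mintMembership(msg.sender, daoId, tier);
    }

    function _mintMembership(address to, uint256 daoId, uint256 tier) internal {
        membershipTier[to][daoId] = tier;
        emit MembershipMinted(to, daoId, tier);
    }
}
```

In the scenario above Bob would call joinDAO with maxPrice equal to 50 TOKEN (in the token's base units), so the earlier update to 80 TOKEN makes his transaction revert rather than overcharge him.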