Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Incorrect Higher-Tier Check in `upgradeTier` Function

jesjupyter

Summary

The upgradeTier function uses an incorrect higher-tier check, potentially leading to inconsistencies and user confusion.

Vulnerability Details

In the upgradeTier function, the code checks for the availability of a higher tier using the condition:

require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");

However, the intended tier upgrade is actually from fromTierIndex to fromTierIndex - 1. This means the check should ensure that fromTierIndex is greater than or equal to 1, allowing users to upgrade to a higher tier by moving from a higher index to a lower one. The current implementation mistakenly checks fromTierIndex + 1, which does not correspond to any actual tier in the intended upgrade logic.

The correct check should be:

require(fromTierIndex >= 1, "No higher tier available.");

This adjustment would align the logic with the intended tier structure and ensure upgrades only happen when a valid higher tier exists.

Impact

The incorrect tier comparison creates potential inconsistencies or confusion for users attempting upgrades if fromTierIndex is invalidly referenced.

Tools Used

Manual

Recommendations

Adjust the tier check condition to:

require(fromTierIndex >= 1, "No higher tier available.");
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.