If DAO is updated with less tier configs than before, all minted memberships in higher tiers are ignored
Summary
When a DAOs' tiers are updated through updateDAOMembership(string), the updating user can decide to have less tiers than previously set up. He will not update his higher tiers in the new set when copying the .minted variable.
Vulnerability Details
No where in the code is it validated that the new tiers length is greater than previous. And so it is explicitly assumed that the length of new tiers will always be greater or the same in length.
Impact
Minted values are not copied into new tier configs - thus leaving users tiers invalidated.
Tools Used
Manual review
Recommendations
Make sure to reallocate higher tiers that are being 'deleted' to other tiers in some logical way OR deny updating tiers with a lower amount than before - example: add a require line to updateDAOMembership(string) function:
require(tierConfigs.length >= dao.tiers.length, "Invalid tier length.");
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.