An adversary can prevent NewDAOMembership from being created by using the same daoConfig.ensname
https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/MembershipFactory.sol#L60
In the MembershipFactory::createNewDAOMembership function, there is the following code:
getENSAddress is a mapping(string => address) public getENSAddress; if daoConfig.ensname does not exist in getENSAddress, then create it:
An attacker can prevent the creation of other DAOs by front-running transactions and submitting DAOs with the same daoConfig.ensname. Moreover, apart from daoConfig.ensname, the attacker can maliciously set the other parameters, such as daoConfig.daoType, daoConfig.currency, daoConfig.maxMembers, and daoConfig.noOfTiers.
This vulnerability causes users to be unable to call the createNewDAOMembership function to submit a new DAO.
Manual code review
To prevent the DoS, consider hashing all the key information in daoConfig, such as daoType, currency, maxMembers, and noOfTiers, to get a daoConfig.hash to use as daoConfig.ensname, and then add it to the getENSAddress mapping. In this case, if the attacker wants to prevent the creation of this DAO by submitting the same daoConfig.hash, the attacker must submit a DAO with exactly the same information as the user, so the attacker cannot set malicious parameters of the DAO in this way.
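The recommendation above, sketched as an added example that is not the One World contract's code: a minimal registry showing the name-only key next to a key derived from the whole configuration. The struct layout and field types, the contract name, getDAOByConfigHash, configHash, both create functions, the dao parameter and the revert strings are assumptions made for illustration; the hash here covers ensname together with the fields the finding lists.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative model only. Field types and all names other than
/// getENSAddress and the daoConfig fields are assumptions.
contract ConfigKeyedRegistry {
    struct DAOConfig {
        string ensname;
        uint8 daoType;       // assumed type
        address currency;    // assumed type
        uint256 maxMembers;
        uint256 noOfTiers;
    }

    // Name-only key: the first transaction to land with a given ensname
    // blocks every later one, whatever its other parameters are.
    mapping(string => address) public getENSAddress;

    // Config-hash key: a later call is blocked only by an entry whose
    // fields are all identical to its own.
    mapping(bytes32 => address) public getDAOByConfigHash;

    /// Hash of every field that defines the DAO.
    /// abi.encode (not abi.encodePacked) length-prefixes the dynamic string,
    /// so two different configurations cannot produce the same preimage.
    function configHash(DAOConfig calldata cfg) public pure returns (bytes32) {
        return keccak256(
            abi.encode(cfg.ensname, cfg.daoType, cfg.currency, cfg.maxMembers, cfg.noOfTiers)
        );
    }

    /// Behaviour described in the finding: uniqueness is checked on ensname alone.
    /// `dao` stands in for the address of the deployed membership contract.
    function createByName(DAOConfig calldata cfg, address dao) external {
        require(getENSAddress[cfg.ensname] == address(0), "name already registered");
        getENSAddress[cfg.ensname] = dao;
    }

    /// Recommended behaviour: uniqueness is checked on the configuration hash.
    function createByConfigHash(DAOConfig calldata cfg, address dao) external returns (bytes32 key) {
        key = configHash(cfg);
        require(getDAOByConfigHash[key] == address(0), "config already registered");
        getDAOByConfigHash[key] = dao;
    }
}
```

With createByName, a second call that reuses the ensname reverts even if every other field differs; with createByConfigHash, it reverts only when all hashed fields match the earlier entry.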