Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Loss of `Tier` Data in `updateDAOMembership` When `tierConfigs` is Smaller Than `noOfTiers`

jesjupyter

Summary

In updateDAOMembership, if the new tierConfigs is smaller than the current noOfTiers, data from higher-index tiers is deleted, causing irreversible data loss and inconsistency.

Vulnerability Details

In the updateDAOMembership function, the array tierConfigs is directly assigned to replace the current dao.tiers data without considering noOfTiers:

// Reset and update the tiers array
delete dao.tiers;
for (uint256 i = 0; i < tierConfigs.length; i++) {
dao.tiers.push(tierConfigs[i]);
maxMembers += tierConfigs[i].amount;
}

If the new tierConfigs.length is smaller than the previous noOfTiers, data from the original tiers with indices exceeding tierConfigs.length - 1 will be permanently lost.

Example Scenario:

  1. noOfTiers was previously set to 7, so tiers 0 through 6 exist.

  2. The updateDAOMembership function is called with a tierConfigs array of length 5.

  3. This update will remove all data from tiers 5 and 6, causing data loss and inconsistency.

Impact

This issue leads to irreversible loss of tier data whenever tierConfigs has fewer entries than the current noOfTiers, resulting in potential discrepancies in DAO membership management.

Tools Used

Manual

Recommendations

Redesign the function to validate tierConfigs.length against the current noOfTiers and preserve or handle higher-index tier data as necessary.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge
7 months ago
0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.