Summary

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L123
In the updateDAOMembership function, if the length of the new tierConfigs array is shorter than the existing dao.tiers array, the function overwrites the old tiers with the new configuration. However, any remaining tiers in dao.tiers that do not correspond to indices in tierConfigs are effectively removed, resulting in the loss of previously accumulated minted values for these tiers.

Vulnerability Details

When updating a DAO membership, updateDAOMembership allows a reduction in the number of tiers by setting the length of tierConfigs shorter than dao.tiers. The function overwrites the configuration of existing tiers with data from tierConfigs, but if tierConfigs has fewer elements than dao.tiers, any trailing tiers in dao.tiers are implicitly deleted, including their minted values. This results in the loss of the minted count data, which could be critical for tracking total mints and ensuring accurate membership records.

Impact

The unintended deletion of minted values for removed tiers could lead to:

Inaccurate records of membership mint counts, impacting the integrity of the membership distribution and any metrics derived from it. the UI would show errorenous data, there's also Potential confusion or errors in future operations reliant on accurate minted values, especially if a tier's historical minting record is relevant for auditing, or reward calculations.

Tools Used

Manual code

Recommendations

Implment a check to enture the new tiers config is at least the same length of the current dao tiers config