Summary

The updateDAOMembership function in MembershipFactory doesn't validate that new tiers (beyond the original DAO's tier length) have zero minted tokens, potentially allowing manipulation of minted values for new tiers. this check exists in the createNewDAOMembership https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L86 but not in updateDAOMembership

Vulnerability Details

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L100
The updateDAOMembership function allows the update of DAO membership tiers by accepting a new array of tierConfigs. However, there is no validation to ensure that the minted count for each new tier is set to zero. This could result in tiers being introduced with a non-zero minted value, which could interfere with accurate tracking of the number of members in each tier and possibly lead to an unintended increase in membership numbers.

Impact

Malicious actors could leverage non-zero minted values to artificially inflate membership or token distribution, undermining the integrity of the membership structure and lying that they have people fighting for their dao.

Tools Used

Manual Review

Recommendations

Add same check as in
require(tierConfigs[i].minted == 0, "Invalid tier config");