Project: One World (NFTDeFi), 15,000 USDC
Submission Details
Severity: medium
Status: Invalid

upgradeTier incorrectly checks for the existence of a higher membership tier.

Summary

The upgradeTier function in the DAO membership contract incorrectly checks for the existence of a higher membership tier. This allows users to bypass the intended tier upgrade restriction, potentially resulting in unauthorized upgrades or contract logic errors.

Vulnerability Details

The current code, `require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");`, is meant to check whether a higher tier exists for the user to upgrade to. In this contract, however, lower index values correspond to higher membership tiers.

The check `noOfTiers >= fromTierIndex + 1` would make sense if higher tiers had higher index values (e.g. tiers counted upward from 1, 2, 3, etc.). Since lower index values represent higher tiers in this setup, the check is essentially asking whether a tier exists at `fromTierIndex` itself, which any valid index satisfies; it says nothing about whether a higher tier (a lower index) exists, so it is unnecessary.

As a result:

  • The current require condition is ineffective for this system.

  • A user already at the highest tier (index 0) could still pass this require check, leading to unintended behavior when attempting an upgrade. The condition should instead verify that `fromTierIndex > 0` to ensure there is a lower index available to upgrade to.

Impact

Because of this vulnerability, users could accidentally or intentionally try to “upgrade” from the highest tier, even though no higher tier exists. This could lead, for example, to:

  • Users ending up in the wrong tier: since the contract does not correctly check whether they are already at the top, users might pay to upgrade when they cannot go any higher. This could leave them in a confusing state or create mistakes in membership levels.

  • Potential contract reversion: logic errors might lead to unexpected reverts if the contract tries to mint or burn tokens for a nonexistent tier.

Tools Used

Manual Review

Recommendations

Update the require statement in the `upgradeTier` function to correctly verify that a higher tier (a lower index value) exists before performing the upgrade.

Replace:

```solidity
require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
```

With:

```solidity
require(fromTierIndex > 0, "No higher tier available.");
```
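To make the reasoning in this finding concrete, the following Python model compares the reported guard with the recommended one under the tier convention the finding assumes. It is an added example, not the One World contract's code; the `Dao` type, the tier count of 3 and the `uint` assumption on `fromTierIndex` are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed model of the tier convention described in this finding; it is not
# the One World contract's code. Assumption: tiers are indexed 0..noOfTiers-1 and
# index 0 is the HIGHEST tier, so "upgrading" moves a member to a LOWER index.

@dataclass(frozen=True)
class Dao:
    no_of_tiers: int  # stands in for daos[daoMembershipAddress].noOfTiers

Check = Callable[[Dao, int], bool]

def original_check(dao: Dao, from_tier_index: int) -> bool:
    """The require() as reported: noOfTiers >= fromTierIndex + 1."""
    return dao.no_of_tiers >= from_tier_index + 1

def recommended_check(dao: Dao, from_tier_index: int) -> bool:
    """The recommended require(): a higher tier exists only if a lower index exists."""
    return from_tier_index > 0

def upgrade_target(dao: Dao, from_tier_index: int, check: Check) -> Optional[int]:
    """Tier index the member would move to, or None when the call is rejected.

    A member outside 0..noOfTiers-1 holds no tier; that rejection is modelled here
    so the two guards are compared only on otherwise-valid calls.
    """
    if not 0 <= from_tier_index < dao.no_of_tiers:
        return None
    if not check(dao, from_tier_index):
        return None
    # If fromTierIndex is a Solidity uint (assumed), fromTierIndex - 1 at index 0
    # would not yield -1 but revert under 0.8+ checked arithmetic: the unexpected
    # revert this finding warns about. The model returns -1 to make the
    # nonexistent tier visible.
    return from_tier_index - 1

def guard_is_vacuous(dao: Dao, check: Check) -> bool:
    """True when the guard accepts every in-range fromTierIndex, i.e. blocks nothing."""
    return all(check(dao, i) for i in range(dao.no_of_tiers))

EXAMPLE_DAO = Dao(no_of_tiers=3)  # constructed: tiers 0 (top), 1, 2 (bottom)

if __name__ == "__main__":
    for name, check in (("original", original_check), ("recommended", recommended_check)):
        targets = [upgrade_target(EXAMPLE_DAO, i, check) for i in range(EXAMPLE_DAO.no_of_tiers)]
        print(f"{name:12} vacuous={guard_is_vacuous(EXAMPLE_DAO, check)} targets={targets}")
```

Running it shows the original guard accepts every in-range index, including the top tier, while the recommended guard rejects only index 0.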

Updates

Lead Judging Commences

0xbrivan2 (Lead Judge), about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
