Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Tier Value Assumptions Not Enforced in Upgrade Mechanism

Summary

The DAO membership upgrade mechanism allows members to burn two lower-tier memberships to mint one higher-tier membership, but lacks protocol enforcement of the economic assumption that each tier should be worth at least twice the value of the tier below it. Consequently, users may experience value loss during upgrades when this assumption doesn't hold, creating a disincentive to use the upgrade feature.

Vulnerability Details

MembershipFactory::upgradeTier requires a DAO member to hold two memberships of a lower tier (higher index) to upgrade to a higher tier (lower index). The function burns the two lower-tier memberships and mints one higher-tier membership.

This functionality assumes this value relationship:

Value of tier[n] >= tier[n + 1] * 2

There's nothing in the protocol enforcing this, so when the value of tier[n] < tier[n + 1] * 2, there's no incentive to upgrade. Users actually lose value if they upgrade.
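The relationship above can be checked off-chain against a DAO's tier price list before it is deployed. The following is an added example, not code from this submission or from the One World code base; the function names and the sample prices are hypothetical, and prices are assumed to be integers in the token's smallest unit. It goes one step beyond the adjacent-tier check by also computing the value consumed when a member climbs from the lowest tier through repeated upgrades.

```python
# Added example: off-chain check of a tier price list (not protocol code).
BURN_PER_UPGRADE = 2  # from the report: two lower-tier memberships are burned per upgrade


def audit_tier_prices(prices):
    """Check tier[n] >= tier[n + 1] * 2 for every adjacent pair of tiers.

    prices[i] is the price of tier index i in smallest token units
    (hypothetical input); index 0 is the highest tier, as in the report.
    """
    if any(not isinstance(p, int) or p < 0 for p in prices):
        raise ValueError("prices must be non-negative integers")
    rows = []
    for n in range(len(prices) - 1):
        burned = BURN_PER_UPGRADE * prices[n + 1]  # value destroyed by one upgrade
        rows.append({
            "from_tier": n + 1,
            "to_tier": n,
            "burned_value": burned,
            "minted_value": prices[n],
            "holds": prices[n] >= burned,        # the assumed value relationship
            "loss": max(0, burned - prices[n]),  # value lost by the upgrading member
        })
    return rows


def cost_from_lowest(prices, target):
    """Value of lowest-tier memberships consumed to reach `target` by upgrades only."""
    lowest = len(prices) - 1
    if not 0 <= target <= lowest:
        raise ValueError("target tier out of range")
    # Each step up doubles the number of lowest-tier memberships required.
    return BURN_PER_UPGRADE ** (lowest - target) * prices[lowest]


# Constructed sample: four tiers, prices in USDC base units (6 decimals).
SAMPLE_PRICES = [500_000000, 300_000000, 100_000000, 60_000000]

if __name__ == "__main__":
    for row in audit_tier_prices(SAMPLE_PRICES):
        status = "ok" if row["holds"] else f"LOSS {row['loss']}"
        print(f"tier {row['from_tier']} -> {row['to_tier']}: {status}")
    print("tier 0 via upgrades only costs:", cost_from_lowest(SAMPLE_PRICES, 0))
```
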

Impact

Users lose value if they upgrade or the protocol doesn't effectively incentivize upgrades.

Tools Used

Manual review

Recommendations

Base the upgrade mechanism on the price of each membership tier.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
