One World
NFTDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Inconsistent Token Transfer Safety Implementation

Summary

The protocol handles token transfers inconsistently across its contracts. While MembershipERC1155.sol correctly uses safeTransfer from OpenZeppelin's SafeERC20, MembershipFactory.sol calls the raw transferFrom on the IERC20 interface directly. This inconsistency creates potential problems when interacting with non-standard ERC20 tokens that do not return a boolean value from their transfer functions.

Vulnerability Details

Unsafe implementation in MembershipFactory.sol:

function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {
    // ...
    // Raw transferFrom through the IERC20 interface: the ABI decoder expects a bool in the return data
    IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), owpWallet, platformFees);
    IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), daoMembershipAddress, tierPrice - platformFees);
    // ...
}

Impact

1. Integration Failure:
  • Transactions may revert when non-standard ERC20 tokens (those that return no boolean) are used as the DAO currency
  • Users unable to join DAOs that use such tokens
  • Potential loss of protocol adoption

2. Protocol Inconsistency:
  • Part of the system works with non-standard tokens
  • Another part fails with the same tokens
  • Creates a confusing user experience

Tools Used

Manual review

Recommendations

Use the SafeERC20 library (safeTransferFrom instead of transferFrom) consistently across all contracts that handle token transfers.
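The following is an added illustration of the recommended fix; it is not the project's code. The hardened joinDAO below is a hypothetical, trimmed-down version of the vulnerable function: the daos mapping, owpWallet and the tier-price / platform-fee fields are kept from the snippet above, while the DAOConfig struct layout and the basis-point fee model are assumptions made for the example. The NoReturnToken contract is a constructed non-standard token whose transferFrom returns nothing, the case the finding describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical, trimmed-down MembershipFactory showing the recommended fix.
/// Storage layout and fee model are assumptions for illustration only.
contract MembershipFactoryHardened {
    using SafeERC20 for IERC20;

    struct DAOConfig {
        address currency;      // ERC20 used to pay for memberships (assumed field name)
        uint256[] tierPrices;  // price per membership tier (assumed)
    }

    mapping(address => DAOConfig) public daos;
    address public owpWallet;
    uint256 public platformFeeBps; // assumed: platform fee as basis points of the tier price

    constructor(address _owpWallet, uint256 _platformFeeBps) {
        owpWallet = _owpWallet;
        platformFeeBps = _platformFeeBps;
    }

    function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {
        DAOConfig storage dao = daos[daoMembershipAddress];
        uint256 tierPrice = dao.tierPrices[tierIndex];
        uint256 platformFees = (tierPrice * platformFeeBps) / 10_000;
        IERC20 currency = IERC20(dao.currency);

        // safeTransferFrom performs a low-level call and reverts if the call
        // fails, if the token returns `false`, or if the return data is
        // neither empty nor `true`. A token that returns nothing therefore
        // works, and a silently returned `false` can no longer be ignored.
        currency.safeTransferFrom(msg.sender, owpWallet, platformFees);
        currency.safeTransferFrom(msg.sender, daoMembershipAddress, tierPrice - platformFees);
        // ... minting of the membership NFT would follow here (omitted)
    }
}

/// Constructed non-standard token: transferFrom succeeds but returns no value.
/// Calling it through IERC20.transferFrom reverts in Solidity >=0.8 because the
/// ABI decoder expects 32 bytes of return data; SafeERC20 accepts empty data
/// as long as the target address has code.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() {
        balanceOf[msg.sender] = 1_000_000e18;
    }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    // Note: no `returns (bool)`; this is the behaviour the finding describes.
    function transferFrom(address from, address to, uint256 amount) external {
        require(allowance[from][msg.sender] >= amount, "insufficient allowance");
        require(balanceOf[from] >= amount, "insufficient balance");
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}
```

To reproduce the difference in a test, deploy NoReturnToken, approve the factory, and call joinDAO: with the raw IERC20(...).transferFrom from the original snippet the call reverts on return-data decoding, whereas the safeTransferFrom version above completes and moves both the platform fee and the remainder.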

Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
