Submission Details
Severity:
M-03: In the `upgradeTier` function, users are only allowed to upgrade their tier within the DAO they sponsor, which will prevent PUBLIC and PRIVATE type DAOs from upgrading their tiers.
Summary
There are three types of DAO: PUBLIC, PRIVATE, and SPONSORED. In the upgradeTier function, users are only allowed to upgrade their tier within a SPONSORED DAO, which will prevent PUBLIC and PRIVATE type DAOs from upgrading their tiers.
Impact
Users are unable to upgrade their tier after joining a PUBLIC or PRIVATE type DAO.
Recommendations
The upgradeTier function allows users to upgrade their Tier in any type of DAO, and considering the special nature of SPONSORED DAOs, the code can be modified as follows:
function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
- require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
+ if(daos[daoMembershipAddress].daoType == DAOType.SPONSORED){
+ require(daos[daoMembershipAddress].noOfTiers == TIER_MAX, "Invalid tier count for sponsored.");
+ }
require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.