Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Upgrading tiers impossible after number of tiers was decreased

Summary

When the number of tiers is decreased, a user who holds tokens of a removed tier cannot upgrade to the higher tier.

Vulnerability Details

updateDAOMembership can be used to decrease the number of tiers (as long as the type is not DAOType.SPONSORED). The function does not check whether minted is zero for the deleted tiers; they are simply removed. There can therefore still be users holding tokens of those tiers, which they paid for. When such a user calls upgradeTier with the old tier (they paid for the lower tier in the past and should still be eligible to upgrade to the higher one), the call reverts because of this check:

require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");

However, the tokens will still be counted in MembershipERC1155 (https://github.com/Cyfrin/2024-11-one-world/blob/02b59f43981d247caee9aa9ab68d286ce7844a77/contracts/dao/tokens/MembershipERC1155.sol#L176) for the share of profits.

Impact

If a tier with minted tokens is removed, the system ends up in an inconsistent state that should never occur: the removed tokens still count toward the share of profits, so they are effectively still "active" for the DAO. However, they cannot be upgraded to higher-tier tokens, meaning the user is stuck with this tier forever.

Recommendations

Disallow removing tiers with minted tokens.
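
One way to express this recommendation, as an added sketch that is not code from the One World repository: a tier update that reverts when any tier about to be dropped still has minted tokens. The contract name, struct layout, error and updateTiers signature are assumptions made for the example; only minted, noOfTiers, daos and daoMembershipAddress are names taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model written for this example; NOT the project's contract.
// Struct layout and function signature are assumptions.
contract TierGuardSketch {
    struct Tier {
        uint256 amount; // maximum supply of the tier
        uint256 minted; // tokens already sold in this tier
    }

    struct DAO {
        uint256 noOfTiers;
        Tier[] tiers;
    }

    mapping(address => DAO) internal daos;

    error TierStillHasHolders(uint256 tierIndex, uint256 minted);

    /// Replace the tier list, refusing to drop a tier that still has holders.
    /// Access control is omitted here; a real function must restrict callers.
    function updateTiers(address daoMembershipAddress, uint256[] calldata amounts) external {
        DAO storage dao = daos[daoMembershipAddress];
        uint256 oldLen = dao.tiers.length;
        uint256 newLen = amounts.length;

        // Guard: every tier that would be removed (index >= newLen)
        // must have no minted tokens, otherwise holders get stranded.
        for (uint256 i = newLen; i < oldLen; i++) {
            uint256 m = dao.tiers[i].minted;
            if (m != 0) revert TierStillHasHolders(i, m);
        }

        // Surviving tiers keep their minted count; new tiers start at zero.
        for (uint256 i = 0; i < newLen; i++) {
            if (i < oldLen) {
                dao.tiers[i].amount = amounts[i];
            } else {
                dao.tiers.push(Tier({amount: amounts[i], minted: 0}));
            }
        }

        // Only tiers proven empty by the guard are popped.
        while (dao.tiers.length > newLen) dao.tiers.pop();
        dao.noOfTiers = newLen;
    }
}
```

With this guard in place, noOfTiers can never fall to or below the index of a tier that still has holders, so the upgradeTier check quoted above cannot strand an existing holder.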

Updates

Lead Judging Commences

0xbrivan2 Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
