Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

When user update tier, count of minted nfts has not changed in tiers data

sovaslava

Summary

When user update his tier, 2 nft burn from his balance and 1 new nft of highest tier is minting. But count of nfts has not updated in tiers data in MembershipFactory contract.

Vulnerability Details

User call upgradeTier() and 2 nfts has burn from his balance of current tier and 1 nft mint of highest tier. But values, which keep count of minted nft in each tier, has not updated.

Vlues in daos[daoMembershipAddress].tiers[tierIndex] remain unchanged.

Impact

  • If the initial tier was completely full, and new users could not join it, then after updating the tier and burning 2 nft, new users still cannot join the tier. Because the information about the number of mined nft was not updated in the factory contract

  • After mint nft in highest tier, the number of available spots to join the tier is not reduced.

daos[daoMembershipAddress].tiers[tierIndex].amountTools Used

Manual review

Recommendations

function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
+ daos[daoMembershipAddress].tiers[fromTierIndex].minted -= 2;
+ daos[daoMembershipAddress].tiers[fromTierIndex - 1].minted += 1;
IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}
Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!