Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Using upgradeTier(), a user can join a tier that is already full

Summary

The function upgradeTier() does not check whether the target tier is already full, so a user can join that tier anyway.

Vulnerability Details

When a user decides to upgrade their tier, 2 NFTs are burned from their current tier and 1 new NFT is minted in the higher tier. But there is no check for whether the number of NFTs already minted in the higher tier equals daos[daoMembershipAddress].tiers[tierIndex - 1].amount.

Impact

A user can join the tier anyway, which breaks the logic in the function joinDAO(), which has such a check.

Tools Used

Manual review

Recommendations

function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external { /
require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
+ require(daos[daoMembershipAddress].tiers[fromTierIndex - 1].amount > daos[daoMembershipAddress].tiers[fromTierIndex - 1].minted, "Tier full.")
IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}
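
Review bot: the added require on the "+" line is missing its terminating semicolon after "Tier full."), so the function will not compile as posted; add the ";". The guard also compares tiers[fromTierIndex - 1].amount against tiers[fromTierIndex - 1].minted, but nothing in the visible body updates minted after the mint() call, or reduces the source tier's count after the burn of 2, so unless that bookkeeping happens elsewhere the check will not reflect upgrades; consider updating both counters next to the burn/mint pair. Finally, the new line evaluates fromTierIndex - 1 before any check that fromTierIndex is greater than 0; an explicit require for that would give a clear revert reason.
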
Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
