The MembershipFactory contract grants extreme privileges to the EXTERNAL_CALLER role without proper security controls. Through the callExternalContract function, this role can execute arbitrary calls on any DAO contract, effectively having complete control over all protocol operations. This includes the ability to drain treasury funds, manipulate membership tokens, and override any DAO decisions. Such concentrated power demands, at minimum, a multisig wallet implementation to prevent single-point-of-failure scenarios.
The vulnerability centers on the unrestricted external call capability. The EXTERNAL_CALLER can:
Call any contract
Execute any function
Pass any parameters
Interact with any DAO
Protocol Security:
Complete control over all DAO treasuries
Ability to manipulate any DAO state
Can remove all member tokens without warning
No checks, balances, or safeguards
Financial Risk:
Treasury funds (80% of membership fees) at risk
No protection for member investments
Can execute unauthorized token transfers
Zero oversight on fund movements
Governance Implications:
Bypasses all DAO voting mechanisms
Can override member decisions
No timelock on critical operations
Undermines protocol decentralization
Tools Used: Manual Review
Implement multisig requirement:
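As an added illustration (not MembershipFactory's own code), the sketch below shows the shape of a hardened external-call path: the role address is fixed at deployment to a contract account (intended to be a multisig), only allow-listed DAO contracts may be called, and every call must be queued and survive a timelock before it can be executed, so members can see and react to it. The function names, the 2-day delay and the single-step original it replaces are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical hardened replacement for an unrestricted callExternalContract.
contract GuardedExternalCaller {
    address public immutable externalCaller;  // set at deploy time to a multisig, never an EOA
    uint256 public constant DELAY = 2 days;   // assumed timelock; members can react before execution

    mapping(address => bool) public allowedTarget;  // only known DAO contracts are callable
    mapping(bytes32 => uint256) public readyAt;     // callId => earliest execution timestamp

    event CallQueued(bytes32 indexed id, address target, bytes data, uint256 readyAt);
    event CallExecuted(bytes32 indexed id, address target, bytes data);

    modifier onlyExternalCaller() {
        require(msg.sender == externalCaller, "not EXTERNAL_CALLER");
        _;
    }

    constructor(address multisig, address[] memory targets) {
        // Sanity check only: a contract account is required; that it is a multisig is a deployment decision.
        require(multisig.code.length > 0, "EXTERNAL_CALLER must be a contract");
        externalCaller = multisig;
        for (uint256 i = 0; i < targets.length; i++) allowedTarget[targets[i]] = true;
    }

    function callId(address target, bytes calldata data, uint256 salt) public pure returns (bytes32) {
        return keccak256(abi.encode(target, data, salt));
    }

    // Step 1: announce the exact call. Nothing is executed yet; the event is the public notice.
    function queueExternalCall(address target, bytes calldata data, uint256 salt) external onlyExternalCaller {
        require(allowedTarget[target], "target not allowed");
        bytes32 id = callId(target, data, salt);
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + DELAY;
        emit CallQueued(id, target, data, readyAt[id]);
    }

    // Step 2: execute only the announced call, only after the delay, and only once.
    function executeExternalCall(address target, bytes calldata data, uint256 salt) external onlyExternalCaller returns (bytes memory) {
        bytes32 id = callId(target, data, salt);
        uint256 t = readyAt[id];
        require(t != 0 && block.timestamp >= t, "not ready");
        delete readyAt[id];
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "external call failed");
        emit CallExecuted(id, target, data);
        return ret;
    }
}
```

A cancel function guarded the same way, and DAO governance able to revoke the role or shrink the allow-list, would complete the pattern.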