Project: One World (NFTDeFi, 15,000 USDC)

Submission Details
Severity: high
Status: Invalid

Mismatch Between Real Token Balances and Tier Memberships Due to Unrestricted Upgrade Logic

Summary

The MembershipFactory contract has a flaw in its upgradeTier function that lets users upgrade to a higher tier even when that tier is full.

The upgradeTier function places no limit on the higher tier a user upgrades into: it never checks whether the target tier has room.

This means users can burn tokens from a lower tier and mint tokens in the higher tier, causing the higher tier to exceed its intended member limit. The result is an imbalance in membership distribution, which can lead to inaccurate token tracking, unfair rewards, and disruptions in the DAO's tier structure.

Vulnerability Details

In the current implementation, the MembershipFactory and related contracts allow users to upgrade from a lower tier to a higher tier even when the higher tier is at full capacity. For example, if a user with 8 tokens in a low tier attempts to upgrade while the high tier is full, they can still upgrade and receive 4 high-tier tokens without any restriction.

So 8 low-tier tokens are burnt, 4 high-tier tokens are minted, and the user's balances change accordingly.

But upgradeTier makes no change to the tier's minted count or to tier.amount, so the capacity bookkeeping never reflects the upgrade.

As a result, nothing limits the higher tier a user upgrades into. A user can burn their low-tier tokens and mint high-tier tokens, leading to a mismatch between the recorded token balance and the number of members the tier is actually allowed to hold.

Impact

  • Membership Overflow: The high tier’s member count can exceed its configured amount limit, leading to unintended membership distribution.

  • Reward Dilution: Reward systems based on tier capacities may distribute rewards incorrectly, as the actual number of members could exceed the defined limit, diluting rewards.

  • Governance Imbalances: Voting power or other tier-dependent privileges could be inaccurately assigned due to the excess members in the high tier.

  • Tracking Inconsistencies: Without accurate member counts, the DAO could face operational difficulties in managing and auditing tier-based membership.

Tools Used

Tests

Recommendations

  • Before allowing an upgrade, check that the target tier’s minted + upgraded count does not exceed its amount limit.

  • This will ensure that upgrades are only permitted when there is space available in the target tier.
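As an added illustration (not the One World project's own code), the vulnerable shape of the upgrade path is shown next to a version that enforces the recommended capacity check. The Tier fields amount and minted, the 2:1 burn-to-mint ratio, the simplified balance mapping standing in for ERC1155, and the ordering where a lower index is a higher tier are all assumptions drawn from the report above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the project's code. Tier layout, the 2:1 upgrade
// ratio and "lower index = higher tier" are assumptions taken from the report.
contract TierUpgradeExample {
    struct Tier {
        uint256 amount; // configured capacity of the tier
        uint256 minted; // tokens currently outstanding in the tier
    }

    Tier[] public tiers;
    // user => tierIndex => balance (simplified stand-in for an ERC1155 balance)
    mapping(address => mapping(uint256 => uint256)) public balanceOf;

    constructor(uint256[] memory capacities) {
        for (uint256 i = 0; i < capacities.length; i++) {
            tiers.push(Tier({amount: capacities[i], minted: 0}));
        }
    }

    // Joining a tier is capacity-checked; the upgrade path must keep this invariant.
    function join(uint256 tierIndex) external {
        Tier storage t = tiers[tierIndex];
        require(t.minted < t.amount, "Tier full.");
        t.minted += 1;
        balanceOf[msg.sender][tierIndex] += 1;
    }

    // Vulnerable shape: burns 2 lower-tier tokens and mints 1 higher-tier token
    // with no capacity check and no update of `minted`, so the higher tier can
    // silently exceed `amount`.
    function upgradeTierUnchecked(uint256 fromTierIndex) external {
        require(fromTierIndex > 0, "No higher tier.");
        require(balanceOf[msg.sender][fromTierIndex] >= 2, "Need 2 tokens.");
        balanceOf[msg.sender][fromTierIndex] -= 2;
        balanceOf[msg.sender][fromTierIndex - 1] += 1;
    }

    // Hardened shape: enforce the target tier's capacity and keep the minted
    // counters of both tiers consistent with the burn and the mint.
    function upgradeTier(uint256 fromTierIndex) external {
        require(fromTierIndex > 0, "No higher tier.");
        require(balanceOf[msg.sender][fromTierIndex] >= 2, "Need 2 tokens.");
        Tier storage target = tiers[fromTierIndex - 1];
        require(target.minted < target.amount, "Target tier full.");
        tiers[fromTierIndex].minted -= 2;
        target.minted += 1;
        balanceOf[msg.sender][fromTierIndex] -= 2;
        balanceOf[msg.sender][fromTierIndex - 1] += 1;
    }
}
```

A unit test that fills the target tier via join and then calls upgradeTier should revert with "Target tier full.", while the unchecked variant lets minted drift away from the real balances.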

Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
