Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: low
Invalid

We cannot reduce the max members amount with the updateDAOMembership function

Summary

We cannot reduce the maxMembers amount with the updateDAOMembership function, as the update of the membership works only one way in this respect.

Vulnerability Details

The **updateDAOMembership** function updates the tier details of a membership and is able to reduce or increase the number of tiers in PUBLIC and PRIVATE types and regulate the characteristics of the tiers in all types. However, the part that updates the maxMembers amount is constructed in a way that can only increase the value of the variable.

```solidity
uint256 maxMembers = 0;

// ...

for (uint256 i = 0; i < tierConfigs.length; i++) {
    dao.tiers.push(tierConfigs[i]);
    maxMembers += tierConfigs[i].amount;
}
// updating the ceiling limit acc to new data
if (maxMembers > dao.maxMembers) { // this if statement is updating the existing value only if the new one is bigger
    dao.maxMembers = maxMembers;
}
```

Impact

This will reduce the ability of the DAO owner to control more diligently the membership he has created.

Recommendations

Implement functionality to reduce the maxMembers amount for the values that are not already minted.
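
One way the recommendation could look, as an added sketch that is not code from One World or from the submitter: the cap follows the new tier amounts in both directions, but no tier may shrink below what it has already sold. The `minted` field, the contract name `MembershipCapSketch` and the functions `setTiers` and `cap` are assumptions; only `amount`, `tiers` and `maxMembers` come from the excerpt above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the One World contract. `minted`, `MembershipCapSketch`,
// `setTiers` and `cap` are hypothetical; `amount`, `tiers`, `maxMembers` follow the excerpt.
// Access control is omitted here; a real update function needs an owner or role check.
contract MembershipCapSketch {
    struct TierConfig {
        uint256 amount; // seats offered in this tier
        uint256 minted; // assumed field: seats already sold in this tier
    }

    struct DAO {
        uint256 maxMembers;
        TierConfig[] tiers;
    }

    DAO private dao;

    error TierBelowMinted(uint256 tier, uint256 amount, uint256 minted);
    error TierRemovedWithMembers(uint256 tier, uint256 minted);

    function setTiers(TierConfig[] calldata tierConfigs) external {
        uint256 oldLen = dao.tiers.length;
        uint256[] memory prev = new uint256[](oldLen);
        for (uint256 i = 0; i < oldLen; i++) prev[i] = dao.tiers[i].minted;

        // A dropped tier must be empty, otherwise its holders would fall outside the cap.
        for (uint256 i = tierConfigs.length; i < oldLen; i++) {
            if (prev[i] != 0) revert TierRemovedWithMembers(i, prev[i]);
        }

        delete dao.tiers;
        uint256 maxMembers = 0;
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            uint256 sold = i < oldLen ? prev[i] : 0; // caller-supplied `minted` is ignored
            if (tierConfigs[i].amount < sold) {
                revert TierBelowMinted(i, tierConfigs[i].amount, sold);
            }
            dao.tiers.push(TierConfig(tierConfigs[i].amount, sold));
            maxMembers += tierConfigs[i].amount;
        }
        // The cap tracks the new tiers up or down; the checks above keep it >= seats sold.
        dao.maxMembers = maxMembers;
    }

    function cap() external view returns (uint256) { return dao.maxMembers; }
}
```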

Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
