Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: high
Invalid

updateDAOMembership is able to lose track of minted tokens

Summary

updateDAOMembership is going to lose track of minted tokens when the number of tiers is decreased for PUBLIC and PRIVATE DAOType.

Vulnerability Details

*updateDAOMembership* is able to reduce the number of tiers for PUBLIC and PRIVATE DAOType. When doing so, the membership owner preserves the already minted tokens via the following functionality:

```solidity
// Preserve minted values and adjust the length of dao.tiers
for (uint256 i = 0; i < tierConfigs.length; i++) {
    if (i < dao.tiers.length) {
        tierConfigs[i].minted = dao.tiers[i].minted;
    }
}
```

where we are iterating over the length of the new DAO tiers config (tierConfigs.length) and assigning the already minted tokens (dao.tiers[i].minted) to the new tiers. We are assigning starting from index 0, which is the highest tier, and going to the lowest.

In case the tier number is smaller, which is possible for PUBLIC and PRIVATE DAOType, as for SPONSORED we have the following check:

```solidity
if(dao.daoType == DAOType.SPONSORED){
    require(tierConfigs.length == TIER_MAX, "Invalid tier count.");
}
```

we will not assign any minted tokens to the new tier config; therefore we will lose track of them, as later in the code we are deleting the old config:

```solidity
delete dao.tiers;
```

Impact

The impact will be a divergence between the already minted tokens and the track record for them, which will lead to further complications in the governing of the DAO membership.

If we have the case where the owner calls *updateDAOMembership* with a short-length array and then again with a longer one, then the amount of issued tokens will be lost. This will allow users to unknowingly bypass the restriction of joinDAO:

```solidity
require(daos[daoMembershipAddress].tiers[tierIndex].amount > daos[daoMembershipAddress].tiers[tierIndex].minted, "Tier full.");
```

Further complications downstream of this one can be found.

Recommendations

Implement a mechanism to track the minted tokens of lower tiers when we are calling *updateDAOMembership* with a tierConfig array shorter than the current one.
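
The shrink-then-grow sequence described under Impact, as an added Solidity sketch that is not part of the submission or of the One World code. `TierUpdateModel`, `join`, `update` and `updateGuarded` are hypothetical names, the push loop after `delete` is an assumption about how the new config is stored, and `updateGuarded` is one possible form of the recommended mechanism.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a stripped-down model, not the One World contract.
contract TierUpdateModel {
    struct Tier {
        uint256 amount; // capacity of the tier
        uint256 minted; // tokens already issued in the tier
    }

    Tier[] public tiers;

    // Mirrors the joinDAO capacity check quoted in the report.
    function join(uint256 tierIndex) external {
        require(tiers[tierIndex].amount > tiers[tierIndex].minted, "Tier full.");
        tiers[tierIndex].minted++;
    }

    // Preserve loop and delete as quoted in the report.
    // The push loop that stores the new config is an assumption.
    function update(Tier[] memory tierConfigs) public {
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            if (i < tiers.length) {
                tierConfigs[i].minted = tiers[i].minted;
            }
        }
        delete tiers;
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            tiers.push(tierConfigs[i]);
        }
    }

    // One possible guard (assumption): refuse to drop a tier
    // whose minted counter is still non-zero.
    function updateGuarded(Tier[] memory tierConfigs) external {
        for (uint256 i = tierConfigs.length; i < tiers.length; i++) {
            require(tiers[i].minted == 0, "Tier has minted tokens.");
        }
        update(tierConfigs);
    }
}
```

Starting from two tiers with mints recorded in both, calling `update` with a one-element array and then with a two-element array whose `minted` fields are zero leaves index 1 with `minted == 0`, so `join` accepts new mints there against a fresh counter. `updateGuarded` reverts on the first of those two calls.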

Updates

Lead Judging Commences

0xbrivan2 Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

dustykid Submitter
about 1 year ago
0xbrivan2 Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
