Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: low
Valid

DAO memberships can be created with any number of members

Summary

Anyone can create Sponsored, Public and Private DAOs with any number of members. The sponsor of the project has confirmed that a Sponsored DAO must have a fixed 7 tiers and 19,825 members, but this is not enforced. Public and Private DAOs can also be created with 0 members.

Vulnerability Details

When creating a new DAO membership using the createNewDAOMembership function, there is no validation on the minimum or maximum number of members (amount field) in tierConfigs, allowing a Sponsored DAO to be created with any number of members, even 0. This deviates from the specified requirement of a 7-tier structure with 19,825 members.

Impact

Sponsored, Public and Private DAOs can have 0 total members.

Tools Used

Manual Review

Recommendations

Enforce a minimum of 1 member per tier in Public and Private DAOs and a fixed number for Sponsored DAOs.
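
One way to implement this recommendation, shown as an added example and not the One World contract code. The DAOType enum, the TierConfig layout, the library and the error names are hypothetical; only the amount field, the 7-tier count and the 19,825-member total come from the report, and applying the per-tier minimum to Sponsored DAOs as well is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. DAOType, TierConfig and the error
// names are hypothetical; the `amount` field, the 7 tiers and the 19,825
// total are the values stated in the report.
enum DAOType { PUBLIC, PRIVATE, SPONSORED }

struct TierConfig {
    uint256 amount; // maximum number of members in this tier
    uint256 price;  // hypothetical field, not used by the check
}

library TierValidation {
    uint256 internal constant SPONSORED_TIERS = 7;
    uint256 internal constant SPONSORED_MEMBERS = 19_825;

    error NoTiers();
    error EmptyTier(uint256 index);
    error SponsoredTierCount(uint256 given);
    error SponsoredMemberTotal(uint256 given);

    /// Reverts unless the tier list satisfies the membership rules.
    /// Intended to be called at the top of the DAO creation function.
    function validate(DAOType daoType, TierConfig[] memory tiers) internal pure {
        uint256 n = tiers.length;
        if (n == 0) revert NoTiers();
        if (daoType == DAOType.SPONSORED && n != SPONSORED_TIERS) {
            revert SponsoredTierCount(n);
        }

        uint256 total;
        for (uint256 i = 0; i < n; ++i) {
            // A tier with amount 0 can never be joined. Rejecting it for
            // Sponsored DAOs too is an assumption of this example.
            if (tiers[i].amount == 0) revert EmptyTier(i);
            // Checked arithmetic in 0.8.x reverts on overflow.
            total += tiers[i].amount;
        }

        if (daoType == DAOType.SPONSORED && total != SPONSORED_MEMBERS) {
            revert SponsoredMemberTotal(total);
        }
    }
}
```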

Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

falendar Submitter
about 1 year ago
0xbrivan2 Lead Judge
about 1 year ago
0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing max members check for SPONSORED daos
