The updateDAOMembership function in the DAO contract allows updating the tier configuration of a DAO by replacing the dao.tiers array with a new tierConfigs array. However, when the length of tierConfigs is smaller than the existing dao.tiers, this approach can lead to data loss.
In the updateDAOMembership function, the dao.tiers array is deleted and replaced with a new array, tierConfigs. The existing minted values are preserved using this for loop:
But when tierConfigs.length is less than dao.tiers.length (that is, the update has fewer tiers), the function does not take the extra tiers into account and deletes dao.tiers anyway. This results in the loss of data such as dao.tiers.minted for the removed tiers.
Medium
manual review
Consider adding a length check if you don't wish to give DAOs the ability to reduce the number of tiers.
Or implement some extra functionality to cover this scenario.
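A minimal sketch of the length check recommended above, as an added example that is not the audited contract's code. Only `updateDAOMembership`, `dao.tiers`, `tierConfigs` and `minted` come from the finding; the struct layout, the `daos` mapping, the `bytes32` key and the error name are assumptions, and access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative model only: everything except the names taken from the
// finding (dao.tiers, tierConfigs, minted) is an assumption.
contract TierUpdateSketch {
    struct TierConfig {
        uint256 amount; // assumed field: maximum supply of the tier
        uint256 price;  // assumed field
        uint256 minted; // from the finding: tokens already minted in this tier
    }

    struct DAO {
        TierConfig[] tiers;
    }

    mapping(bytes32 => DAO) private daos; // assumed storage layout

    error TierCountReduced(uint256 current, uint256 proposed); // hypothetical name

    // Access control is omitted to keep the sketch focused on the length check.
    function updateDAOMembership(bytes32 daoId, TierConfig[] calldata tierConfigs) external {
        DAO storage dao = daos[daoId];
        uint256 oldLen = dao.tiers.length;

        // Length check: reject updates that would drop tiers together with
        // their minted counters.
        if (tierConfigs.length < oldLen) {
            revert TierCountReduced(oldLen, tierConfigs.length);
        }

        // Snapshot the minted counters before the array is cleared.
        uint256[] memory minted = new uint256[](oldLen);
        for (uint256 i = 0; i < oldLen; i++) {
            minted[i] = dao.tiers[i].minted;
        }

        delete dao.tiers;
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            dao.tiers.push(tierConfigs[i]);
            // Carry over the stored counter; newly added tiers start at zero
            // regardless of the caller-supplied value.
            dao.tiers[i].minted = i < oldLen ? minted[i] : 0;
        }
    }
}
```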