In the MembershipFactory contract the EXTERNAL_CALLER role has too much power. It is allowed to update DAO memberships even though it is not the owner of the DAO. Probably the most critical operation it can perform is calling callExternalContract. This function allows the EXTERNAL_CALLER to call any contract with any function and any parameters, which is ridiculously overpowered: it allows the admin to transfer treasury funds, burn NFTs, or manipulate DAO state without any restrictions or safeguards. The least that can be done is to require the EXTERNAL_CALLER to be a multisig wallet.
Ability to:
- Interact with all DAOs
- Call any contract and execute any function with any parameters

The factory has unrestricted calling capability for EXTERNAL_CALLER:
https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L176

Treasury Control:
- Admin can take any ERC20 tokens
- No timelock or voting required

Membership Control:
- Can burn all memberships
- Members lose governance rights
- No compensation mechanism

DAO Control:
- Can modify any state
- Override any decision
- Bypass governance
Manual Review
Require a Multisig Wallet
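The contrast below is an added illustration, not code from the MembershipFactory repository: the first contract reproduces the unrestricted pattern the finding describes (a single role holder may call any target with any calldata), and the second shows one hardened shape, where the role is granted to a contract (expected to be a multisig) and calls are limited to an owner-maintained allowlist of target/selector pairs and are logged. Contract and function names, the `allowed` mapping and the `ExternalCall` event are assumptions made for the example; the real function's signature may differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative reconstruction of the issue (not the project's code):
// any address holding the EXTERNAL_CALLER role can make the factory
// perform an arbitrary call to any contract with any calldata.
contract UnrestrictedExternalCaller {
    address public externalCaller; // holder of the EXTERNAL_CALLER role

    constructor(address _externalCaller) {
        externalCaller = _externalCaller;
    }

    modifier onlyExternalCaller() {
        require(msg.sender == externalCaller, "not EXTERNAL_CALLER");
        _;
    }

    // Any target, any calldata: one compromised key can move treasury funds,
    // trigger burn functions, or rewrite DAO state with no further checks.
    function callExternalContract(address target, bytes calldata data)
        external
        onlyExternalCaller
        returns (bytes memory)
    {
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "external call failed");
        return ret;
    }
}

// Hardened shape (example only): the role must be held by a contract
// (intended to be a multisig), and each call is restricted to an
// explicit allowlist of (target, function selector) pairs set by the owner.
contract RestrictedExternalCaller {
    address public immutable owner;
    address public immutable externalCaller;

    // target contract -> 4-byte function selector -> permitted?
    mapping(address => mapping(bytes4 => bool)) public allowed;

    event AllowlistUpdated(address indexed target, bytes4 indexed selector, bool isAllowed);
    event ExternalCall(address indexed caller, address indexed target, bytes4 indexed selector);

    constructor(address _externalCaller) {
        // Caveat: code.length > 0 only proves the address is a deployed contract,
        // not that it is a multisig; it also fails for a contract still in its
        // constructor. Pair this check with an off-chain deployment review.
        require(_externalCaller.code.length > 0, "EXTERNAL_CALLER must be a contract (multisig)");
        owner = msg.sender;
        externalCaller = _externalCaller;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    modifier onlyExternalCaller() {
        require(msg.sender == externalCaller, "not EXTERNAL_CALLER");
        _;
    }

    // Only the owner can widen what the role may call.
    function setAllowed(address target, bytes4 selector, bool isAllowed) external onlyOwner {
        allowed[target][selector] = isAllowed;
        emit AllowlistUpdated(target, selector, isAllowed);
    }

    function callExternalContract(address target, bytes calldata data)
        external
        onlyExternalCaller
        returns (bytes memory)
    {
        require(data.length >= 4, "missing function selector");
        bytes4 selector = bytes4(data[:4]);
        require(allowed[target][selector], "target/selector not allowed");

        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "external call failed");
        emit ExternalCall(msg.sender, target, selector);
        return ret;
    }
}
```

The allowlist keeps the treasury-draining and burn paths closed unless the owner deliberately opens a specific selector on a specific contract, and the `ExternalCall` event gives monitoring a per-call record of which target and function the role invoked; the multisig requirement on top of that means no single key can exercise the role alone.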