Project: One World (NFTDeFi), 15,000 USDC
Submission Details
Severity: medium
Invalid

Missing Max Price Check in `MembershipFactory::joinDAO` Allows Price Manipulation

Summary

The `joinDAO` function in `MembershipFactory` reads the tier price from storage at execution time and takes no maximum-price parameter from the caller. A holder of the EXTERNAL_CALLER role can therefore raise a tier's price through `updateDAOMembership` after a user has approved tokens for the expected price but before the user's `joinDAO` transaction is mined. A user whose allowance exceeds the original price (for example an unlimited approval) then pays more than they intended.

Vulnerability Details

`joinDAO`:
https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L140

`updateDAOMembership`:
https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L100

Impact

Users may expect the price of a specific tier to be `x`, but the EXTERNAL_CALLER can change it through `updateDAOMembership` at any time, including between a user's token approval and the user's `joinDAO` call. This could lead to:

Financial Loss:

  • Users may pay more than intended: `joinDAO` pulls whatever price is currently stored, so the overpayment is bounded only by the user's allowance. A user who approved exactly the expected amount sees the transaction revert for insufficient allowance rather than overpaying; a user with an unlimited or oversized approval pays the full raised price.

  • No upper bound on price changes

  • Affects all DAO tiers

MEV Opportunity:

  • A sandwich is possible, but only by the EXTERNAL_CALLER role holder, since only that role can call `updateDAOMembership`; an arbitrary searcher cannot mount it

  • Price can be raised before the user's transaction

  • Reverted to the original price after

Tools Used

Manual Review

Recommendations

Add price protection by letting the caller pass the highest price they are willing to pay:

```solidity
function joinDAO(
    address daoMembershipAddress,
    uint256 tierIndex,
    uint256 maxPrice // New parameter: the caller's price ceiling
) external {
    uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;
    require(tierPrice <= maxPrice, "Price too high");
    // ... rest of function
}
```

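The ordering the Vulnerability Details and Impact sections describe, and the ceiling check from the recommendation above, as an added example that is not part of the original submission or the One World code base: a small Python model of an ERC-20 allowance plus a factory whose tier price is read from storage, replayed as approve, admin price update, `joinDAO`, admin price restore. The token, factory, account names, tier prices and the optional `max_price` argument are all assumptions made for this illustration; the real contracts are Solidity.

```python
# Added example (not code from the One World repository): a Python model of
# the front-run sequence described in the finding. Token, factory, tier
# prices, account names and `max_price` are assumptions for illustration.

UINT256_MAX = 2**256 - 1
FACTORY = "membership_factory"       # spender address in transferFrom (assumed)
DAO = "dao_membership"               # recipient of the tier payment (assumed)
EXTERNAL_CALLER = "external_caller"  # holder of the EXTERNAL_CALLER role (assumed)


class Revert(Exception):
    """Stands in for an EVM revert."""


class Token:
    """ERC-20 subset: balances and allowances with transferFrom semantics."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowances.get((owner, spender), 0)
        if allowed < amount:
            raise Revert("insufficient allowance")
        if self.balances.get(owner, 0) < amount:
            raise Revert("insufficient balance")
        if allowed != UINT256_MAX:  # common "infinite approval" convention
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class MembershipFactory:
    """Only the two behaviours relevant to the finding are modelled."""

    def __init__(self, token, tier_prices):
        self.token = token
        self.tier_prices = list(tier_prices)

    def update_dao_membership(self, caller, new_prices):
        # Privileged: only the EXTERNAL_CALLER role may change tier prices.
        if caller != EXTERNAL_CALLER:
            raise Revert("missing EXTERNAL_CALLER role")
        self.tier_prices = list(new_prices)

    def join_dao(self, user, tier_index, max_price=None):
        # The price is read from storage at execution time, not supplied by
        # the caller, which is what the finding is about.
        price = self.tier_prices[tier_index]
        # Hardened variant: the caller passes a ceiling (the recommended
        # `maxPrice` parameter). Omit it to get the original behaviour.
        if max_price is not None and price > max_price:
            raise Revert("Price too high")
        self.token.transfer_from(FACTORY, user, DAO, price)
        return price


def run_sandwich(approved_amount, max_price=None):
    """Replay approve -> admin raises price -> joinDAO -> admin restores price.

    Returns (amount_paid, revert_reason); exactly one of the two is None.
    """
    token = Token({"alice": 1_000})                    # constructed balance
    factory = MembershipFactory(token, [100, 50, 10])  # constructed tier prices

    token.approve("alice", FACTORY, approved_amount)   # tx 1: user expects tier 1 at 50
    factory.update_dao_membership(EXTERNAL_CALLER, [100, 90, 10])  # tx 2: front-run
    try:
        paid = factory.join_dao("alice", 1, max_price)  # tx 3: the user's joinDAO
    except Revert as err:
        return None, str(err)
    factory.update_dao_membership(EXTERNAL_CALLER, [100, 50, 10])  # tx 4: back-run
    return paid, None


if __name__ == "__main__":
    print("exact approval, no ceiling:     ", run_sandwich(50))
    print("unlimited approval, no ceiling: ", run_sandwich(UINT256_MAX))
    print("unlimited approval, maxPrice=50:", run_sandwich(UINT256_MAX, max_price=50))
```

Running it separates the three outcomes a reviewer should distinguish: with an approval for exactly the expected price the user's transaction reverts on allowance (the join is blocked, nothing is lost); with an unlimited or oversized approval the user pays the raised price; with the `maxPrice` ceiling the transaction reverts instead of overpaying.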
Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
