Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Currency update for already created DAO are not possible

perfect871214

Summary

When the whitelist of currencies is updated due to a change by administrator, the currency of the DAO that have already been created cannot be changed, and users who are going to join DAO created before the update will also have to make payments with the old currency.

Vulnerability Details

  1. The administrator updates the currency whitelist by executing the addCurrency function to use wBTC as a currency.

  2. The DAO membership creator creates a new DAO using the createNewDAOMembership function.

  3. The administrator executes the removeCurrency function to remove wBTC from the currency whitelist due to various factors (such as a currency value crash).

  4. When updating the DAO, the currency cannot be updated, and when joining the DAO, the user must use wBTC that is not in the whitelist to make payments.

  5. Even if the DAO creator wants to change the currency, it cannot be changed, and the only way is to create a new DAO every time the currency whitelist is updated.

Impact

Currency that are not on the currency whitelist can be used in DAO and this cannot be changed.

Tools Used

manual

Recommendations

It should be change updateDAOMembership function to allow currency update for already created DAO.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

0xbrivan2 Lead Judge
9 months ago
0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

missing DAO currency update

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.