DAO Creator Can Avoid Platform Fees by Setting Low Tier Price
Summary
The platform fee is calculated as a percentage of the tier price when a user joins a DAO. However, due to precision loss, if the tierPrice is set to a very low value (e.g., less than 5), the calculated platform fee may round down to zero, allowing the DAO creator to avoid paying platform fees. This could lead to a loss of revenue for the protocol, as the fee mechanism fails to charge the intended fee on low-value tiers.
Vulnerability Details
In the joinDAO function, platform fees are calculated using integer division:
If tierPrice is set to a small value, such as 4 or below, the calculation results in a fee of zero due to Solidity’s integer division behavior, which discards any decimal values. This allows the DAO creator to potentially avoid platform fees by setting an intentionally low tier price, bypassing the intended 20% fee.
Example
Assume tierPrice = 4.
platformFees = (20 * 4) / 100 = 0.8, which rounds down to 0.
As a result, no platform fee is charged, and the full amount of 4 units is transferred to the DAO, bypassing the intended fee structure.
Impact
This issue allows the DAO creator to avoid paying platform fees, resulting in lost revenue for the protocol. Over time, if many DAOs are created with low-tier prices, this could lead to a significant reduction in platform fees collected, impacting the protocol’s financial sustainability.
Tools Used
Manual code review
Recommendations
Set a minimum platform fee or use a higher Precision Multiplier for calculations.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.