Project: One World (NFTDeFi, 15,000 USDC)

Submission Details
Severity: medium
Status: Invalid

Tier upgrade token mechanism may lead to pricing strategy bypass

Summary

upgradeTier burns two tokens of the caller's current tier and mints one token of the tier above it, without collecting any payment in the excerpt shown. Whenever a tier's joinDAO price is more than twice the price of the tier directly below it, a user obtains the higher tier more cheaply by acquiring two lower-tier tokens and upgrading than by joining the higher tier directly, so the price list must be constrained for the intended pricing to hold.

Vulnerability Details

Consider the following excerpt (tier indices count downward: index 0 is the highest tier, so an upgrade moves from fromTierIndex to fromTierIndex - 1):

    function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
        // ... checks ...
        // Burn two tokens of the caller's current tier ...
        IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
        // ... and mint one token of the next tier up. No price is charged here.
        IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
        emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
    }

Assume the following joinDAO prices (Tier 0 is the higher tier):
    Tier 1: 100 tokens
    Tier 0: 300 tokens
A user could:
    1. acquire two Tier 1 tokens, e.g. through two joinDAO purchases at 100 tokens each (200 tokens in total), and
    2. call upgradeTier(daoMembershipAddress, 1), which burns the two Tier 1 tokens and mints one Tier 0 token.
Total cost: 200 tokens for a Tier 0 membership instead of the 300 tokens charged by joinDAO, a saving of 100 tokens. Because upgradeTier burns two tokens of any tier, the trick also chains across several tiers (four Tier 2 tokens become two Tier 1 tokens and then one Tier 0 token), so the bypass exists whenever any tier costs more than twice the tier directly below it.

Impact

1. Undermines the intended pricing strategy
2. Loss of revenue for the DAO and the platform
3. Potential devaluation of higher-tier memberships
4. Disrupts the economic model of the membership system

Tools Used

Manual code review

Recommendations

When creating or updating DAO configurations, validate that no tier's price exceeds twice the price of the tier directly below it. With tiers[i].price <= 2 * tiers[i + 1].price for every adjacent pair, two lower-tier purchases plus an upgrade never cost less than joining the higher tier directly, and because the bound holds pairwise it also covers upgrades chained across several tiers. The loop bound i + 1 < tiers.length avoids the underflow of tiers.length - 1 on an empty array, which would revert under checked arithmetic:

    function validateTierPrices(TierConfig[] memory tiers) internal pure {
        // tiers[0] is the highest tier; upgradeTier burns 2 of tiers[i + 1] to mint 1 of tiers[i].
        for (uint256 i = 0; i + 1 < tiers.length; i++) {
            require(
                tiers[i].price <= 2 * tiers[i + 1].price,
                "Higher tier price must not exceed 2x lower tier price"
            );
        }
    }

The check must run on every path that sets tier prices, including later updates, since a single price change can reopen the gap.
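To reason about a proposed price list before it is deployed, the following is an off-chain model of the pricing rule. It is an added example written for this page, not code from the One World contracts. It assumes a Python list prices with prices[0] as the top tier, the two-token burn from the upgradeTier excerpt, and that the lowest tier can only be obtained through a joinDAO purchase at its price. cheapest_cost computes the cheapest way to hold one token of each tier when upgrades may be chained across several tiers (going beyond the two-tier scenario above), cheapest_plan lists the calls a buyer would make, and validate_tier_prices is the same invariant as the Solidity check above.

```python
"""Off-chain model of the tiered membership pricing rule.

Added illustration for this finding, not code from the One World project.
Assumptions (labelled): prices[0] is the top tier, each upgradeTier call burns
UPGRADE_BURN tokens of tier i and mints one token of tier i - 1, and the only
way to obtain tokens of the lowest tier is a joinDAO purchase at its price.
"""

from typing import List, Tuple

UPGRADE_BURN = 2  # tokens burned per upgradeTier call, as in the excerpt above

Plan = List[Tuple[str, int, int]]  # (action, tierIndex, count)


def cheapest_cost(prices: List[int]) -> List[int]:
    """Cheapest cost of holding one token of each tier when a buyer may
    buy any tier via joinDAO and chain upgradeTier calls upward.
    Works bottom-up: the lowest tier can only be bought directly, and
    tier i costs min(direct price, UPGRADE_BURN * cheapest cost of tier i + 1)."""
    best = list(prices)
    for i in range(len(prices) - 2, -1, -1):
        best[i] = min(prices[i], UPGRADE_BURN * best[i + 1])
    return best


def bypass_savings(prices: List[int]) -> List[int]:
    """Amount saved per tier versus joinDAO by taking the cheapest path (0 = no bypass)."""
    return [p - c for p, c in zip(prices, cheapest_cost(prices))]


def cheapest_plan(prices: List[int], target: int) -> Plan:
    """Calls a buyer would make to hold one token of `target` at the cheapest cost.
    ("joinDAO", t, n): buy n tokens of tier t; ("upgradeTier", t, n): call
    upgradeTier(dao, t) n times, burning 2n tier-t tokens for n tier-(t-1) tokens."""
    best = cheapest_cost(prices)
    plan: Plan = []

    def build(tier: int, count: int) -> None:
        last = tier == len(prices) - 1
        if last or prices[tier] <= UPGRADE_BURN * best[tier + 1]:
            plan.append(("joinDAO", tier, count))  # direct purchase is cheapest
        else:
            build(tier + 1, count * UPGRADE_BURN)  # first obtain 2n tokens one tier down
            plan.append(("upgradeTier", tier + 1, count))

    build(target, 1)
    return plan


def validate_tier_prices(prices: List[int]) -> bool:
    """Invariant that closes the bypass, same rule as the Solidity check above:
    no tier may cost more than UPGRADE_BURN times the tier directly below it.
    Because it holds for every adjacent pair, chained upgrades are covered too."""
    return all(prices[i] <= UPGRADE_BURN * prices[i + 1] for i in range(len(prices) - 1))


if __name__ == "__main__":
    # Constructed sample configurations (not taken from any deployed DAO).
    for label, prices in [("page example", [300, 100]),
                          ("three tiers, two gaps", [500, 200, 60]),
                          ("balanced", [180, 100, 60])]:
        print(f"{label}: prices={prices} valid={validate_tier_prices(prices)}")
        print(f"  cheapest={cheapest_cost(prices)} savings={bypass_savings(prices)}")
        print(f"  plan for tier 0: {cheapest_plan(prices, 0)}")
```

For the page's example the model reports a cheapest Tier 0 cost of 200 and a plan of two Tier 1 purchases followed by one upgrade; for a three-tier list such as [500, 200, 60] it shows the chained path (four Tier 2 purchases, two upgrades, one upgrade) reaching Tier 0 for 240, which is the case a pairwise check must also cover.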
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
