Project

Summary

A critical issue arises when users join a DAO that is inactive or compromised. Specifically, users may purchase NFT memberships with the expectation of receiving certain benefits and rights, but due to inactivity or a breach, they may lose value, governance power, and face security risks. The lack of communication and legal recourse exacerbates the problem, leaving users vulnerable to financial loss and disillusionment.

Vulnerability Details

When users join a DAO by purchasing NFT memberships, they are often under the impression that they will have access to governance and profit-sharing mechanisms. However, if the DAO becomes inactive—due to poor management, lack of participation, or mismanagement—these users are left with no means of exercising their rights, such as voting or proposing changes. Without clear exit strategies or transparency, users may be unable to recover their assets, and the decentralized nature of the DAO makes it difficult to hold anyone accountable.

This lack of protection and visibility into the DAO’s health can lead to severe financial loss.

However, in the Memebership11555 users should be able to easily withdraw their funds or assets or redeem their NFT membership if the DAO becomes inactive or compromised but this was never implemented.

Impact

Users may spend funds to purchase NFTs that offer access to DAO governance or other benefits, but if the DAO is inactive or compromised, the NFTs may become worthless, leading to financial loss.

Tools Used

Manual review

Recommendations

DAOs should provide users with exit strategies in case the DAO becomes inactive or compromised. This can include mechanisms for withdrawing funds or redeeming NFTs under specific circumstances.