The MembershipFactory contract allows users to upgrade their membership tiers. However, the current implementation does not enforce the minting limits for each tier during the upgrade process. This oversight can lead to a situation where the total number of tokens minted in a specific tier exceeds the predefined limit, potentially undermining the integrity of the tier system.
In the upgradeTier function, the logic for upgrading a user's tier does not check whether the minting limit for the target tier has been reached. The relevant code is as follows:
This code allows a user to burn their token from the current tier and mint a new token in the upgraded tier without verifying if the maximum number of tokens for that tier has already been reached. As a result, it is possible for the total number of tokens in a specific tier to exceed the defined limit.
1. A DAO has a limit of 10 tokens for Tier 2.
2. Currently, there are 10 tokens minted in Tier 2.
3. A user upgrades from Tier 3 to Tier 2, which involves burning their Tier 3 token and minting a Tier 2 token.
4. The upgrade is executed without checking the minting limit, resulting in 11 tokens minted in Tier 2, violating the established limit.
Imbalance in voting power and privileges associated with each tier, as the intended exclusivity of higher tiers is compromised.
Manual code review
Enforce Minting Limits: Implement checks in the upgradeTier function to ensure that the total number of tokens minted in the target tier does not exceed the predefined limit before allowing the minting process.
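The following is an added, simplified model written for this finding to illustrate both the flaw described above and the recommended fix; it is not the MembershipFactory code under review. The contract layout, the Tier struct, the per-tier minted counter and the function names upgradeTierVulnerable/upgradeTier are all assumptions made for illustration. Lower tier indices are treated as higher tiers, matching the Tier 3 to Tier 2 upgrade in the proof of concept.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical tiered-membership model (not the project's contract).
/// Tier index 0 is the highest tier; upgrading moves to a lower index.
contract TieredMembershipModel {
    struct Tier {
        uint256 maxMint; // minting limit for this tier
        uint256 minted;  // tokens currently minted in this tier
    }

    Tier[] public tiers;
    mapping(address => uint256) public tierOf; // member's current tier index
    mapping(address => bool) public isMember;

    // maxMints[i] is the minting limit of tier i (constructed configuration).
    constructor(uint256[] memory maxMints) {
        for (uint256 i = 0; i < maxMints.length; i++) {
            tiers.push(Tier({maxMint: maxMints[i], minted: 0}));
        }
    }

    // A fresh join enforces the tier's minting limit.
    function joinTier(uint256 tierIndex) external {
        require(!isMember[msg.sender], "already a member");
        Tier storage t = tiers[tierIndex];
        require(t.minted < t.maxMint, "tier full");
        t.minted += 1;
        tierOf[msg.sender] = tierIndex;
        isMember[msg.sender] = true;
    }

    // VULNERABLE PATTERN: burns the current-tier token and mints into the
    // target tier without checking the target tier's minting limit, so a
    // full tier (minted == maxMint) can be pushed past its limit.
    function upgradeTierVulnerable(uint256 targetTier) external {
        require(isMember[msg.sender], "not a member");
        uint256 current = tierOf[msg.sender];
        require(targetTier < current, "can only move to a higher tier");
        tiers[current].minted -= 1;    // burn current-tier token
        tiers[targetTier].minted += 1; // mint target-tier token, no limit check
        tierOf[msg.sender] = targetTier;
    }

    // FIXED: same flow, but the target tier's limit is enforced before the
    // burn-and-mint takes place (checks-effects ordering keeps state consistent).
    function upgradeTier(uint256 targetTier) external {
        require(isMember[msg.sender], "not a member");
        uint256 current = tierOf[msg.sender];
        require(targetTier < current, "can only move to a higher tier");
        Tier storage target = tiers[targetTier];
        require(target.minted < target.maxMint, "target tier minting limit reached");
        tiers[current].minted -= 1;
        target.minted += 1;
        tierOf[msg.sender] = targetTier;
    }
}
```

With a limit of 10 for tier 2 and 10 members already in it, a member of tier 3 calling upgradeTierVulnerable(2) leaves tiers[2].minted at 11, whereas upgradeTier(2) reverts with "target tier minting limit reached". The check must read the live minted counter of the target tier at call time, because the invariant being protected is that counter never exceeding maxMint, regardless of which entry point (join or upgrade) performs the mint.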