Project

One World
NFTDeFi
15,000 USDC
View results
Submission Details
Severity: low
Invalid

One World should be able to withdraw Inactive DAOs

Summary

The current implementation of the DAO platform does not provide any mechanism to automatically remove or manage inactive DAOs, nor does it allow users to withdraw the funds they used to purchase their NFT memberships.

Vulnerability Details

When users join a DAO, they may purchase NFT memberships that grant them equity and participation rights within the DAO. However, if a DAO becomes inactive (i.e., no proposals, votes, or other governance activities), users have no way of withdrawing their investment, including the funds used to purchase their memberships. In some cases, the DAO may become compromised or abandoned, leaving users with locked assets and no option for recovery.

Additionally, there is no functionality in place to automatically identify or deactivate inactive DAOs or facilitate the removal of inactive or compromised DAOs from the platform.

Impact

Users can join Inactive DAOs

Tools Used

Manual review

Recommendations

Implement a mechanism to detect inactivity in a DAO. This could include criteria such as no proposals, no votes, no transactions, or no activity in a certain period (e.g., six months). If the DAO fails to meet the required activity threshold, it would be flagged as inactive.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
0xbrivan2 Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.