Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Insufficient Validation in `updateDAOMembership` Allows Tier Capacity to Drop Below Active Members

Summary

A vulnerability exists in the updateDAOMembership function of the DAO membership protocol. It allows the DAO administrator to reduce the capacity (amount) of a tier to a value lower than the number of members already occupying that tier (minted). This discrepancy could lead to logical inconsistencies, causing unexpected behavior when users attempt to join a DAO tier.

Vulnerability Details

The updateDAOMembership function updates the tier configurations for an existing DAO. However, the function lacks a check to ensure that the new amount (the maximum allowable members for a tier) is not set lower than the minted count (the number of members who have already joined). Specifically, if amount is updated to a value lower than minted, this results in an invalid configuration where the tier appears full, even though the minted count has already exceeded the new amount.

Example Scenario

  1. Initially, amount for a tier is set to 20, and minted is at 15.

  2. An EXTERNAL_CALLER calls updateDAOMembership and sets amount to 10.

  3. Although there are already 15 members in the tier, the tier’s capacity now shows as 10.

  4. Subsequent calls to joinDAO may lead to erroneous behavior, as the tier could be considered full based on the amount, despite the minted value indicating otherwise.

Impact

If this vulnerability is exploited, it could prevent users from joining a DAO even if they should be eligible, given the actual minted count. This inconsistency could lead to user dissatisfaction and confusion, as they may see a tier as available but encounter restrictions based on inaccurate capacity data. Moreover, this flaw could potentially affect any future checks that rely on the accuracy of amount versus minted values.

Tools Used

Manual Review

Recommendations

Add a validation check in updateDAOMembership to ensure that each tierConfigs[i].amount is not less than dao.tiers[i].minted. This will prevent any update that would create an invalid state.

```solidity
for (uint256 i = 0; i < tierConfigs.length; i++) {
    if (i < dao.tiers.length) {
        // @> added check: reject a capacity lower than the number already minted
        require(tierConfigs[i].amount >= dao.tiers[i].minted, "Invalid tier config.");
        tierConfigs[i].minted = dao.tiers[i].minted;
    }
}
```

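
A minimal one-tier model of the example scenario and the recommended guard, added here as an illustration and not taken from the One World code base. The contract and function names are hypothetical, and the `join` rule (revert once `minted` reaches `amount`) is an assumption about how a capacity check behaves.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a one-tier model, not the One World contracts.
// TierModel, setCapacityUnchecked, setCapacityChecked and join are hypothetical names.
contract TierModel {
    uint256 public amount = 20; // tier capacity, as in step 1 of the scenario
    uint256 public minted = 15; // members already in the tier

    error TierFull();

    // Mirrors the update as the report describes it: no comparison against minted.
    function setCapacityUnchecked(uint256 newAmount) external {
        amount = newAmount; // 10 is accepted, leaving minted (15) > amount (10)
    }

    // Same update with the recommended guard.
    function setCapacityChecked(uint256 newAmount) external {
        // newAmount == minted is allowed: the tier is full but still consistent.
        require(newAmount >= minted, "Invalid tier config.");
        amount = newAmount;
    }

    // Assumed join rule: the tier is full once minted reaches amount.
    function join() external {
        if (minted >= amount) revert TierFull();
        minted += 1;
    }

    // Invariant the guard preserves; returns false after setCapacityUnchecked(10).
    function capacityInvariantHolds() external view returns (bool) {
        return minted <= amount;
    }
}
```
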
Updates

Lead Judging Commences

0xbrivan2 Lead Judge
8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
