The createNewDAOMembership and updateDAOMembership functions lack a validation check for pricing consistency across membership tiers. Tiers are ordered by index, with lower indices representing higher weights. Because no price verification is performed, tiers can be configured with incorrect pricing (for example, a higher tier that is cheaper than the tier below it), leading to inconsistencies and user confusion.
The createNewDAOMembership and updateDAOMembership functions allow the caller to define multiple membership tiers, each with its own weight and quantity. The lower the index of a tier, the higher its weight within the DAO. Despite this ordering, neither function enforces a matching price hierarchy across the tiers, so a misconfiguration such as a higher-weighted tier being priced below a lower-weighted tier is accepted without error. The issue is present in both functions: createNewDAOMembership does not check the initial tier array, and updateDAOMembership does not check the updated one.
Relevant code:
Without an enforced price hierarchy, lower-weighted tiers can end up more expensive than higher-weighted ones, leading to user dissatisfaction, diminished protocol trust, and potential misuse of the DAO's membership structure. Users may feel misled or make uninformed purchase decisions, affecting the DAO's reputation and integrity.
Manual Review
Introduce a validation check in both createNewDAOMembership and updateDAOMembership to ensure that each successive tier's price does not exceed the previous tier's price, i.e. price[i] >= price[i+1] for every adjacent pair. This can be done with a single loop over the tier array that compares each tier's price with the prior tier's and reverts on a violation, run before the configuration is stored. Applying the same check on update is important, since an update that touches only some tiers can otherwise break an ordering that was valid at creation.