Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Show fromTierIndex can't be zero in MembershipFactory::upgradeTier, increasing users's experience

bytesflow007

Summary

MembershipFactory::upgradeTier accepts fromTierIndex from zero to six. And zero is the top tier, which can't be upgraded by the protocol's business logic. When the user inputs fromTierIndex, it just reports a program error. It's better to show this is the max tier, can't be upgraded, and improve the users's experience.

Vulnerability Details

Below function accept fromTierIndex==0, throw program error,

function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}

POC

To make the test work, I have modified the hardhat environment, can add below to this URL: https://github.com/sodexx7/One_world_temp_202411/blob/193b4dfad76ecc157eff72cf35ed2caf8cd00fa3/test/MembershipFactoryPOC.test.ts#L66

describe("POC upgrade tier", function () {
beforeEach(async function () {
DAOType = { GENERAL: 0, PRIVATE: 1, SPONSORED: 2 };
DAOConfig = {
ensname: "testdao.eth",
daoType: DAOType.SPONSORED,
currency: testERC20.target,
maxMembers: 100,
noOfTiers: 7,
};
TierConfig = [
{ price: 300, amount: 10, minted: 0, power: 12 },
{ price: 200, amount: 10, minted: 0, power: 6 },
{ price: 100, amount: 10, minted: 0, power: 3 },
{ price: 300, amount: 10, minted: 0, power: 12 },
{ price: 200, amount: 10, minted: 0, power: 6 },
{ price: 100, amount: 10, minted: 0, power: 3 },
{ price: 100, amount: 10, minted: 0, power: 3 },
];
await currencyManager.addCurrency(testERC20.target); // Assume addCurrency function exists in CurrencyManager
await membershipFactory.createNewDAOMembership(DAOConfig, TierConfig);
const ensAddress = await membershipFactory.getENSAddress("testdao.eth");
membershipERC1155 = await MembershipERC1155.attach(ensAddress);
});
it("POC allow user to upgrade tier", async function () {
// addr3 joinDao paying 300wei
await testERC20.mint(addr1.address, 300);
await testERC20.connect(addr1).approve(membershipFactory.target, 300);
await expect(
membershipFactory.connect(addr1).joinDAO(membershipERC1155.target, 6)
).to.emit(membershipFactory, "UserJoinedDAO");
// addr1 joinDao paying 300wei
await testERC20.mint(addr1.address, 300);
await testERC20.connect(addr1).approve(membershipFactory.target, 300);
await expect(
membershipFactory.connect(addr1).joinDAO(membershipERC1155.target, 6)
).to.emit(membershipFactory, "UserJoinedDAO");
await membershipFactory
.connect(addr1)
.upgradeTier(membershipERC1155.target, 6);
});
});

Impact

Tools Used

Recommendations

Show zero is the top TierIndex which can't be upgraded

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.