Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Incorrect maxMembers update logic

Summary

The updateDAOMembership function in the MembershipFactory contract contains a logical bug in the way the maxMembers value is updated. The bug causes inconsistencies between the stored maxMembers value and the actual capacity of the DAO.

Vulnerability Details

The updateDAOMembership function only updates maxMembers if the newly calculated sum is greater than the existing value. It never decreases maxMembers when the newly calculated sum is less than the existing value.

    for (uint256 i = 0; i < tierConfigs.length; i++) {
        dao.tiers.push(tierConfigs[i]);
        maxMembers += tierConfigs[i].amount;
    }
    // updating the ceiling limit acc to new data
    if(maxMembers > dao.maxMembers){
        dao.maxMembers = maxMembers;
    }

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L122C8-L130C10

The bug is in this particular condition:

    if(maxMembers > dao.maxMembers){
        dao.maxMembers = maxMembers;
    }

This logic only updates maxMembers if the new calculated total capacity (maxMembers) is greater than the existing value. It never decreases the maxMembers value, even if the new tier configuration has a lower total capacity.

For example:

  • Initial maxMembers: 200

  • Updated tier configuration total capacity: 100

  • However, the maxMembers value remains at 200 due to the bug.

Impact

Total members can be greater than the new maxMembers allowed.

Tools Used

Manual review

Recommendations

The updateDAOMembership function should directly update the maxMembers value to the new calculated total capacity, regardless of whether it is higher or lower than the existing value:

    uint256 maxMembers = 0;
    for (uint256 i = 0; i < tierConfigs.length; i++) {
        dao.tiers.push(tierConfigs[i]);
        maxMembers += tierConfigs[i].amount;
    }
    dao.maxMembers = maxMembers; // Direct assignment, no condition
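
The two update policies discussed in this report, side by side in a minimal contract (an added example, not the One World code): `updateRatchet` mirrors the quoted condition and `updateDirect` mirrors the recommendation. The contract name, the helper and view function names, the single-field structs and the `delete dao.tiers` reset are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not the MembershipFactory contract. Only `tiers`,
// `amount` and `maxMembers` come from the report; every other name is hypothetical.
contract MaxMembersModel {
    struct TierConfig { uint256 amount; }
    struct DAOConfig { uint256 maxMembers; TierConfig[] tiers; }

    DAOConfig private dao;

    // Replace the tier list and return the summed capacity of the new tiers.
    // Assumption: the old tiers are cleared before the new ones are pushed.
    function _replaceTiers(TierConfig[] memory tierConfigs) private returns (uint256 total) {
        delete dao.tiers;
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            dao.tiers.push(tierConfigs[i]);
            total += tierConfigs[i].amount;
        }
    }

    // Condition quoted in the report: the stored ceiling can only increase.
    function updateRatchet(TierConfig[] memory tierConfigs) external {
        uint256 total = _replaceTiers(tierConfigs);
        if (total > dao.maxMembers) {
            dao.maxMembers = total;
        }
    }

    // Recommendation in the report: the stored ceiling always tracks the tiers.
    function updateDirect(TierConfig[] memory tierConfigs) external {
        dao.maxMembers = _replaceTiers(tierConfigs);
    }

    // Compare the stored ceiling with the summed tier capacity; drift == 0 means they agree.
    function capacityDrift() external view returns (uint256 stored, uint256 tierSum, uint256 drift) {
        stored = dao.maxMembers;
        for (uint256 i = 0; i < dao.tiers.length; i++) {
            tierSum += dao.tiers[i].amount;
        }
        // Neither policy can leave stored below tierSum, so drift never underflows.
        drift = stored > tierSum ? stored - tierSum : 0;
    }
}
```

Calling `updateRatchet` with tiers summing to 200 and then with tiers summing to 100 leaves `stored` at 200 against a `tierSum` of 100, which is the report's example; the same sequence through `updateDirect` ends with both at 100.
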

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
