Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: high
Invalid

No slippage check allows users to pay more than intended

Summary

No slippage check in MembershipFactory::joinDAO() allows users to pay more than intended

Vulnerability Details

When a user joins a DAO, the price they have to pay is read with this code:

uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;

The issue is that another function, MembershipFactory::updateDAOMembership(), can change that price. Even though it can be called only by a specific role, this still creates a race condition in which the user ends up paying an increased price that they did not expect and were not willing to pay.

Imagine the following scenario:

  1. A user wants to join a DAO for 100 tokens, so they call joinDAO()

  2. The price is just about to be changed to 150 tokens, so updateDAOMembership() is called

  3. The transaction from step 2 executes first, changing the price to 150

  4. The user pays 50 more tokens than they were actually willing to

Impact

Users may pay more than they were willing to pay.

Tools Used

Manual Review

Recommendations

Implement a slippage check: let users pass the maximum amount they are willing to pay, and have joinDAO() refuse to charge more than that.
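The race from the scenario above and the check recommended here, as an added example that is not code from the One World project (whose MembershipFactory is not shown on this page beyond the one quoted line). The contract is a hypothetical, simplified stand-in: the storage layout, the ERC20 payment flow, the admin role, addTier() and joinDAOWithMax() are assumptions; only joinDAO(), updateDAOMembership() and the `daos[...].tiers[...].price` lookup come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface needed here (assumed; the project's payment flow is not on the page).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical, simplified stand-in for MembershipFactory, modelling only what is
/// needed to show the missing slippage check and its fix.
contract MembershipFactoryExample {
    struct Tier {
        uint256 price;
    }

    struct DAOConfig {
        Tier[] tiers;
    }

    // Assumed storage layout matching the expression quoted in the finding:
    // daos[daoMembershipAddress].tiers[tierIndex].price
    mapping(address => DAOConfig) internal daos;

    IERC20 public immutable paymentToken; // assumed: membership is paid in an ERC20 token
    address public immutable admin;       // assumed: the privileged role allowed to change prices

    error NotAdmin();
    error PriceExceedsMax(uint256 price, uint256 maxPrice);
    error TransferFailed();

    constructor(IERC20 token) {
        paymentToken = token;
        admin = msg.sender;
    }

    // Assumed helper so a DAO can have a tier to join.
    function addTier(address daoMembershipAddress, uint256 price) external {
        if (msg.sender != admin) revert NotAdmin();
        daos[daoMembershipAddress].tiers.push(Tier({price: price}));
    }

    // Privileged price update. The race in the finding exists because this can be
    // mined ahead of a joinDAO() call that was sent under the old price.
    function updateDAOMembership(address daoMembershipAddress, uint256 tierIndex, uint256 newPrice) external {
        if (msg.sender != admin) revert NotAdmin();
        daos[daoMembershipAddress].tiers[tierIndex].price = newPrice;
    }

    // BEFORE: the caller cannot bound what they pay; whatever price is in storage
    // at execution time is charged.
    function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {
        uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;
        if (!paymentToken.transferFrom(msg.sender, address(this), tierPrice)) revert TransferFailed();
        // ... membership minting omitted
    }

    // AFTER: the caller states the maximum they accept. If the price moved above it
    // before this transaction executed, the call reverts and no tokens are pulled.
    function joinDAOWithMax(address daoMembershipAddress, uint256 tierIndex, uint256 maxPrice) external {
        uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;
        if (tierPrice > maxPrice) revert PriceExceedsMax(tierPrice, maxPrice);
        if (!paymentToken.transferFrom(msg.sender, address(this), tierPrice)) revert TransferFailed();
        // ... membership minting omitted
    }
}
```

In the scenario from the finding, the user would call joinDAOWithMax(dao, tier, 100); once updateDAOMembership() has set the price to 150, the call reverts with PriceExceedsMax(150, 100) instead of charging 150. In a standard ERC20 flow the caller's earlier approve() amount also caps what transferFrom() can pull; the explicit maxPrice parameter makes that bound part of the join call itself rather than leaving it to the approval.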

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

samuraii77 Submitter
9 months ago
0xbrivan2 Lead Judge
9 months ago