Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Upgrade of MembershipERC1155 may not be compatible with MembershipFactory

Summary

The MembershipERC1155 contract is designed to be upgradeable, allowing for future enhancements that may introduce new state variables. However, these new variables may need to be initialized within the initialize() function, potentially causing incompatibility with the existing MembershipFactory contract.

Vulnerability Details

createNewDAOMembership uses a hardcoded function signature to initialize the newly deployed MembershipERC1155 contract:
https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L72

Also, MembershipFactory is not upgradeable, so its implementation cannot be adjusted to comply with potential changes in MembershipERC1155.

Impact

Inability to upgrade MembershipERC1155.

Tools Used

Manual review.

Recommendations

Consider making MembershipFactory upgradeable as well.
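
The incompatibility described under Vulnerability Details, as an added example that is not the One World code: TokenV1, TokenV2, MiniProxy and Factory are hypothetical stand-ins, and the two-argument initializer is an assumed signature. Once the factory points at TokenV2, create() reverts because the selector derived from the hardcoded string matches no function in the new implementation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical stand-ins for illustration; not the One World contracts.
contract TokenV1 {
    bool private initialized;
    string public name;
    address public owner;
    function initialize(string memory name_, address owner_) external {
        require(!initialized, "already initialized");
        initialized = true;
        name = name_;
        owner = owner_;
    }
}

// Upgraded implementation: a new state variable is set through a changed initializer.
contract TokenV2 {
    bool private initialized;
    string public name;
    address public owner;
    uint256 public maxSupply; // new in V2, appended after the V1 variables
    function initialize(string memory name_, address owner_, uint256 maxSupply_) external {
        require(!initialized, "already initialized");
        initialized = true;
        name = name_;
        owner = owner_;
        maxSupply = maxSupply_;
    }
}

// Stand-in for a proxy constructor: runs the init calldata against the implementation.
contract MiniProxy {
    constructor(address implementation, bytes memory initData) {
        (bool ok, ) = implementation.delegatecall(initData);
        require(ok, "initialization failed");
    }
}

contract Factory {
    address public implementation;
    constructor(address implementation_) { implementation = implementation_; }
    // Access control omitted in this sketch.
    function setImplementation(address implementation_) external { implementation = implementation_; }
    // The signature string is fixed at compile time; its selector matches TokenV1.initialize only.
    function create(string memory name_) external returns (address) {
        bytes memory initData = abi.encodeWithSignature("initialize(string,address)", name_, msg.sender);
        return address(new MiniProxy(implementation, initData));
    }
}
```

With the implementation set to a TokenV1 deployment, create() succeeds; after setImplementation() is called with a TokenV2 deployment, every create() call reverts with "initialization failed".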

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice