The MembershipERC1155 contract includes access-controlled functions such as burnBatch, burnBatchMultiple, and callExternalContract, which are designed to only be called by the MembershipFactory contract. However, the MembershipFactory contract does not implement these functions. This absence raises critical issues in functionality and access control, potentially limiting the expected operations within the protocol.
The MembershipERC1155 contract enforces access control, allowing only the MembershipFactory contract to call specific functions, such as burnBatch, burnBatchMultiple, and callExternalContract.
The intent behind this access control is to ensure that only the authorized factory contract can initiate batch burns or call external contracts, likely as part of the membership management protocol.
Without MembershipFactory implementing these functions, batch burning and external contract interactions specified in MembershipERC1155 cannot be executed, which could disrupt critical operations, limit flexibility in membership management, or prevent the contract from achieving its intended functionality.
Manual Review
Add burnBatch, burnBatchMultiple, and callExternalContract functions within MembershipFactory, ensuring that they align with the intended functionality and properly integrate with MembershipERC1155.
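A sketch of the recommended wrappers, added here as an example and not taken from the project's code. The interface signatures, the `admin` gate and the `isDeployedMembership` registry are assumptions, since the finding names the functions but shows neither their parameters nor the factory's existing access control.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface: the finding names these functions but not their parameters.
interface IMembershipERC1155 {
    function burnBatch(address from) external;
    function burnBatchMultiple(address[] calldata froms) external;
    function callExternalContract(address target, bytes calldata data)
        external returns (bytes memory);
}

// Hypothetical factory fragment: only the forwarding wrappers are shown.
contract MembershipFactoryWrappers {
    address public immutable admin;                        // assumed privileged caller
    mapping(address => bool) public isDeployedMembership;  // assumed registry

    error NotAuthorized();
    error UnknownMembership();

    constructor(address admin_) { admin = admin_; }

    // Call from the factory's deployment path for each token it creates.
    function _register(address membership) internal {
        isDeployedMembership[membership] = true;
    }

    // The token trusts the factory, so the factory must gate its own callers;
    // an ungated wrapper would let anyone burn another holder's tokens.
    modifier gated(address membership) {
        if (msg.sender != admin) revert NotAuthorized();
        if (!isDeployedMembership[membership]) revert UnknownMembership();
        _;
    }

    // In each wrapper the token sees this factory as msg.sender.
    function burnBatch(address membership, address from) external gated(membership) {
        IMembershipERC1155(membership).burnBatch(from);
    }

    function burnBatchMultiple(address membership, address[] calldata froms)
        external gated(membership)
    {
        IMembershipERC1155(membership).burnBatchMultiple(froms);
    }

    function callExternalContract(address membership, address target, bytes calldata data)
        external gated(membership) returns (bytes memory)
    {
        return IMembershipERC1155(membership).callExternalContract(target, data);
    }
}
```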