Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

In updateDAOMembership(), minted values that are not preserved should be reset

Summary

When updateDAOMembership() is called, minted values that are not preserved from an existing tier should be reset.

Vulnerability Details

https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/MembershipFactory.sol#L117

    function updateDAOMembership(string calldata ensName, TierConfig[] memory tierConfigs)
        external onlyRole(EXTERNAL_CALLER) returns (address) {
        ...
        // Preserve minted values and adjust the length of dao.tiers
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            if (i < dao.tiers.length) {
                tierConfigs[i].minted = dao.tiers[i].minted;
            }
        }
        ...
    }

1. Call createNewDAOMembership() with 3 tiers.

2. Call updateDAOMembership() with 6 tiers where, for example, a new tier's amount = 6 and the new tier's minted >= 6 (it could be a very large value).

In addition, the function should also check that each tier's amount >= the tier's minted.

Impact

updateDAOMembership() could be called with tiers that have a large minted value and a small amount value, causing joinDAO() to always fail.

Tools Used

Manual review

Recommendations

    function updateDAOMembership(string calldata ensName, TierConfig[] memory tierConfigs)
        external onlyRole(EXTERNAL_CALLER) returns (address) {
        ...
        // Preserve minted values and adjust the length of dao.tiers
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            if (i < dao.tiers.length) {
                tierConfigs[i].minted = dao.tiers[i].minted;
            }
            else
            {
                tierConfigs[i].minted = 0;
            }
            require(tierConfigs[i].amount > tierConfigs[i].minted, "Tier full.");
        }
        ...
    }
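The following Python model is an added example, not code from the submission or from the One World repository. It replays the two steps above against the quoted preserve loop and against the recommended loop. The `Tier` class, the function names and the sample tier values are constructed for illustration, and `can_join` assumes joinDAO() rejects a tier unless amount > minted, mirroring the "Tier full." check in the recommendation.

```python
from dataclasses import dataclass, replace

@dataclass
class Tier:       # models only the two TierConfig fields the report discusses
    amount: int   # tier capacity
    minted: int   # memberships already minted

def update_original(stored, new_cfgs):
    """Preserve loop as quoted: only indexes that already exist are overwritten."""
    out = [replace(t) for t in new_cfgs]
    for i, t in enumerate(out):
        if i < len(stored):
            t.minted = stored[i].minted
    return out

def update_recommended(stored, new_cfgs):
    """Preserve loop with the recommendation: reset new tiers, then check capacity."""
    out = [replace(t) for t in new_cfgs]
    for i, t in enumerate(out):
        t.minted = stored[i].minted if i < len(stored) else 0
        if not t.amount > t.minted:
            raise ValueError("Tier full.")  # stands in for the Solidity require
    return out

def can_join(tiers, i):
    # Assumption: joinDAO() requires amount > minted for the chosen tier
    return tiers[i].amount > tiers[i].minted

def demo():
    # Constructed state after step 1: a DAO with 3 tiers, some already minted
    stored = [Tier(10, 2), Tier(10, 0), Tier(10, 5)]
    # Constructed step 2 input: 6 tiers, two new ones carry a caller-supplied minted
    cfgs = [Tier(10, 0), Tier(10, 0), Tier(10, 0),
            Tier(6, 6), Tier(6, 10**9), Tier(6, 0)]
    before = update_original(stored, cfgs)
    after = update_recommended(stored, cfgs)
    return ([can_join(before, i) for i in range(6)],
            [can_join(after, i) for i in range(6)],
            [t.minted for t in before],
            [t.minted for t in after])

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The recommended loop also rejects an update that lowers an existing tier's amount to or below its preserved minted count, including a tier that is already sold out.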
Updates

Lead Judging Commences

0xbrivan2 Lead Judge
9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
