Submission Details
Severity:
MemberhsipFactory.upgradeTier() reverts with no custom error if fromTierIndex = 0
Summary
MembershipFactory.upgradeTier() reverts with no custom error if fromTierIndex = 0
Vulnerability Details
When trying to call MembershipFactory.upgradeTier() with fromTierIndex parameter equal to 0, function will revert when trying to mint(fromTierIndex - 1), as mint() expects a uint256, which cannot be negative.
Impact
Function upgradeTier() reverts without a custom message that indicates why the error happenned, this does not comply with good practices of contract development.
Tools Used
Manual review
Recommendations
Add a new require code line for this situation:
function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
+ require(fromTierIndex > 0, "Cannot upgrade from tier 0");
IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.