Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

`MembershipFactory::upgradeTier` permits a downgrade instead of an upgrade (LOGIC ERROR)

Summary

The upgradeTier function allows users to upgrade their membership tier within a sponsored DAO. However, due to an incorrect implementation of tier transitions, the function unintentionally downgrades the user's tier instead of upgrading it.

Vulnerability Details

The function is supposed to enable users to move to a higher tier by burning tokens at their current tier (fromTierIndex) and minting tokens at the next higher tier. However, the function mistakenly burns tokens at fromTierIndex and mints them at fromTierIndex - 1, effectively downgrading the user to a lower tier.
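Whether `fromTierIndex - 1` is an upgrade or a downgrade depends entirely on how the project orders its tier indices (this is the point on which the judges later marked the behaviour a design choice). The following is an added example, not One World's code and not the `MembershipFactory` implementation; the contract names `MockMembership` and `TierUpgradeExample`, the helpers `nextHigherTier` and `rankOf`, the flag `topTierIsIndexZero` and the constant `BURN_PER_UPGRADE` are all assumptions made for illustration. It shows how to make the ordering convention explicit in one place and assert on tier rank rather than on raw index arithmetic, so that a sign flip like the one described above cannot silently invert the direction of an upgrade, and it also covers the edge case at the top tier, where `0 - 1` would otherwise revert with a bare checked-arithmetic panic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not One World's code. A minimal stand-in for the
// IMembershipERC1155 contract: the tier index is the ERC1155 token id.
contract MockMembership {
    mapping(uint256 => mapping(address => uint256)) public balanceOf;

    function mint(address to, uint256 tierIndex, uint256 amount) external {
        balanceOf[tierIndex][to] += amount;
    }

    function burn(address from, uint256 tierIndex, uint256 amount) external {
        require(balanceOf[tierIndex][from] >= amount, "insufficient balance");
        balanceOf[tierIndex][from] -= amount;
    }
}

// Hypothetical factory that makes the tier-ordering convention explicit.
contract TierUpgradeExample {
    MockMembership public immutable membership;
    uint256 public immutable noOfTiers;
    // Assumption made explicit instead of being implied by +1 / -1:
    // true  => index 0 is the TOP tier, so an upgrade moves to index - 1
    // false => index 0 is the BOTTOM tier, so an upgrade moves to index + 1
    bool public immutable topTierIsIndexZero;

    // Assumed cost of an upgrade: burn this many tokens of the current tier
    // and mint one token of the next tier.
    uint256 public constant BURN_PER_UPGRADE = 1;

    event TierUpgraded(address indexed user, uint256 fromTierIndex, uint256 toTierIndex);

    constructor(uint256 tiers, bool topIsZero) {
        require(tiers > 0, "need at least one tier");
        membership = new MockMembership();
        noOfTiers = tiers;
        topTierIsIndexZero = topIsZero;
    }

    // The single place that decides which neighbouring index is "higher".
    // The require turns a bare checked-arithmetic revert on `0 - 1` into a
    // readable reason string.
    function nextHigherTier(uint256 fromTierIndex) public view returns (uint256) {
        require(fromTierIndex < noOfTiers, "unknown tier");
        if (topTierIsIndexZero) {
            require(fromTierIndex > 0, "already at top tier");
            return fromTierIndex - 1;
        }
        require(fromTierIndex + 1 < noOfTiers, "already at top tier");
        return fromTierIndex + 1;
    }

    // Rank is what tests should assert on: a higher rank is a better tier,
    // regardless of how the indices are laid out.
    function rankOf(uint256 tierIndex) public view returns (uint256) {
        require(tierIndex < noOfTiers, "unknown tier");
        return topTierIsIndexZero ? noOfTiers - 1 - tierIndex : tierIndex;
    }

    function join(uint256 tierIndex, uint256 amount) external {
        require(tierIndex < noOfTiers, "unknown tier");
        membership.mint(msg.sender, tierIndex, amount);
    }

    function upgradeTier(uint256 fromTierIndex) external {
        uint256 toTierIndex = nextHigherTier(fromTierIndex);
        // Invariant the reported bug would break under the submitter's assumed
        // ordering: the destination tier must rank strictly higher.
        assert(rankOf(toTierIndex) > rankOf(fromTierIndex));
        membership.burn(msg.sender, fromTierIndex, BURN_PER_UPGRADE);
        membership.mint(msg.sender, toTierIndex, 1);
        emit TierUpgraded(msg.sender, fromTierIndex, toTierIndex);
    }
}
```

A test for either ordering then reads the same: after `upgradeTier(i)` the caller's balance at `i` has dropped, the balance at `nextHigherTier(i)` has risen, and `rankOf` of the new tier exceeds `rankOf(i)`. Writing the test against `rankOf` instead of against `i + 1` or `i - 1` is what catches a reversed convention, because a reviewer and the author can no longer both be "right" about which direction the index runs.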

Impact

This vulnerability leads to unintended downgrades, causing users to lose access to privileges and benefits associated with their current or higher tiers. This could lead to a poor user experience, mistrust in the DAO system, and potential financial and reputational losses for DAOs.

Tools Used

VS Code

Recommendations

Modify the function to mint tokens at fromTierIndex + 1 instead of fromTierIndex - 1 to reflect the intended tier upgrade. The correct logic would look like:

- IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
+ IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex + 1, 1);
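Review bot: flipping `- 1` to `+ 1` in this hunk is only a fix if a higher index means a higher tier, and the judgement on this page records the `- 1` as a design choice, so the ordering convention should be confirmed against the contract before this line is changed; whichever direction is correct, the surrounding bound check must match it (with `+ 1`, require `fromTierIndex + 1 < noOfTiers`; with `- 1`, require `fromTierIndex > 0` so the top tier reverts with a clear reason rather than an arithmetic panic), and the emitted event should report the same destination index as the mint.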
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
