A membership DAO with the following condition will discourage users from directly buying the (i - 1)th tier NFT. Instead, they will first buy two ith tier memberships and then, in the case of a sponsored DAO, upgrade to the (i - 1)th tier at no extra cost just by burning their two ith tier NFTs.
Alternatively, the user can simply hold the two ith tier membership tokens, since they are equivalent to a single (i - 1)th tier membership.
This allows a user to obtain a more heavily weighted membership by purchasing two lesser weighted memberships at a lower price (given the above condition).
The vulnerability lies in the pricing of the membership tiers, which allows arbitrary values for their prices.
If the price of two ith tier memberships is less than that of a single (i - 1)th tier membership, the user will directly purchase two ith tier membership tokens, thus getting the equivalent (i - 1)th tier membership at a cheaper cost.
This occurs because the prices are not validated so that the (i - 1)th tier costs less than or equal to two ith tier membership tokens; such validation would also encourage users to buy the (i - 1)th tier membership.
Users will not buy the (i - 1)th tier membership directly; instead, they will buy two ith tier memberships, which are equivalent to a single (i - 1)th tier membership, thus getting the equivalent of the (i - 1)th tier at a lower price.
Manual Review
The tier prices should be validated so that the (i - 1)th tier costs less than or equal to two ith tier membership tokens; this will also encourage users to buy the (i - 1)th tier membership.
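
One way to enforce this recommendation, as an added example that is not the audited project's code: a price setter that rejects any list in which a tier costs more than two tokens of the tier below it. The contract, function and error names are hypothetical, and it assumes `prices[i]` is the price of tier i in a single currency, with tier 0 the highest.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: all names here are hypothetical, not the audited project's.
// Assumption: prices[i] is the price of tier i in one currency, tier 0 is the
// highest tier, and two tier-i tokens count as one tier-(i-1) token.
contract TierPricing {
    // Two tokens of `lowerTier` cost less than one token of the tier above it.
    error LowerTierTooCheap(uint256 lowerTier, uint256 lowerPrice, uint256 higherPrice);
    error NotOwner();

    address public immutable owner;
    uint256[] public tierPrices;

    constructor(uint256[] memory prices) {
        owner = msg.sender;
        _setTierPrices(prices);
    }

    function setTierPrices(uint256[] calldata prices) external {
        if (msg.sender != owner) revert NotOwner();
        _setTierPrices(prices);
    }

    function _setTierPrices(uint256[] memory prices) private {
        validateTierPrices(prices);
        tierPrices = prices;
    }

    // Reverts unless price(i - 1) <= 2 * price(i) for every adjacent pair.
    function validateTierPrices(uint256[] memory prices) public pure {
        for (uint256 i = 1; i < prices.length; ++i) {
            // 0.8.x checked arithmetic reverts if 2 * prices[i] overflows.
            if (prices[i - 1] > 2 * prices[i]) {
                revert LowerTierTooCheap(i, prices[i], prices[i - 1]);
            }
        }
    }
}
```

Checking adjacent tiers is sufficient: if every tier costs at most twice the tier below it, then reaching a tier by buying and burning tokens several tiers down is never cheaper than buying it directly.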