Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Unsafe use of transferFrom instead of safeTransferFrom

Summary

Vulnerability Details

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L140

In joindao(), users are to transfer the platform fee to owpWallet and also transfer tierPrice - platformFees to the daoMembershipAddress before they get minted the token for the tier index. However, this function uses transferFrom instead of safeTransferFrom to transfer from msg.sender to the respective addresses, and it also does not handle failure in the logic. So if this transfer call fails due to some factor (e.g. the user not having enough balance), the function will not revert; it will still go ahead and mint the tokens to msg.sender.

Impact

Even if the transfer fails, the token for the specific tier index will still be minted to the address provided by the caller.

Tools Used

manual

Recommendations

Implement logic to handle failure of the transfer, and also use safeTransferFrom instead of transferFrom.
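
The pattern described in this submission, next to a checked form, as an added example that is not code from the One World repository or from the submitter. The contract, function and variable names are hypothetical, and the unchecked path only mints without payment for tokens that signal failure by returning false rather than reverting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical sketch: names are illustrative, not the project's own.
contract JoinPaymentSketch {
    address public immutable feeWallet;   // stands in for owpWallet
    address public immutable daoAddress;  // stands in for daoMembershipAddress
    mapping(address => uint256) public minted; // stands in for the membership mint

    constructor(address _feeWallet, address _daoAddress) {
        feeWallet = _feeWallet;
        daoAddress = _daoAddress;
    }

    // Unchecked form: the bool returned by transferFrom is discarded, so a
    // token that returns false on failure does not stop the mint below.
    function joinUnchecked(IERC20Like token, uint256 price, uint256 fee) external {
        token.transferFrom(msg.sender, feeWallet, fee);
        token.transferFrom(msg.sender, daoAddress, price - fee);
        minted[msg.sender] += 1;
    }

    // Checked form: both payments must succeed before any state changes.
    function joinChecked(IERC20Like token, uint256 price, uint256 fee) external {
        _safeTransferFrom(address(token), msg.sender, feeWallet, fee);
        _safeTransferFrom(address(token), msg.sender, daoAddress, price - fee);
        minted[msg.sender] += 1;
    }

    // Inline helper in the style of a safeTransferFrom wrapper: reverts if the
    // target has no code, if the call reverts, or if it returns false.
    // Tokens that return no data at all are accepted.
    function _safeTransferFrom(address token, address from, address to, uint256 amount) private {
        require(token.code.length > 0, "token is not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Like.transferFrom.selector, from, to, amount)
        );
        require(ok, "transferFrom reverted");
        require(ret.length == 0 || abi.decode(ret, (bool)), "transferFrom returned false");
    }
}
```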

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Known issue