Lack of Function to Exit DAO Membership
Summary
The MembershipFactory contract facilitates the creation, management, and membership of DAOs using ERC1155 tokens. However, the contract lacks a function that allows users to exit or leave a DAO after joining, even though they can join specific tiers and upgrade their membership.
Vulnerability Details
The MembershipFactory the contract currently has functions for creating new DAOs, updating DAO configurations, joining specific DAO tiers, and upgrading to higher tiers in sponsored DAOs. However, it lacks a exitDAO function or any mechanism allowing users to exit the DAO and redeem their membership.
This is particularly limiting for users who may wish to discontinue their membership or reclaim any associated value after joining a DAO.
Impact
Without a way to exit, users are permanently tied to their DAO membership once joined, which may discourage participation, especially in DAOs with tier-based and capped memberships. Additionally, the contract's lack of flexibility could impact user satisfaction and DAO dynamics, as members cannot voluntarily leave to allow others to join in their place.
Tools Used
Manual review
Recommendations
Implement an exitDAO function
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.