When a DAO is created using MembershipFactory::createNewDAOMembership() the DAO tiers are set using the tierConfigs parameter.
Throughout the lifecycle of the DAO, the tiers can be updated using updateDAOMembership(). This function allows a privileged address with the EXTERNAL_CALLER role to add new tiers to the DAO or remove existing ones.
The function deletes the current dao.tiers array, leaving it empty, and then pushes the new tierConfigs passed as parameter into that same array.
https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/MembershipFactory.sol#L121-L123
After this, the DAO should account only for these tiers in its operations.
However, when the new dao.tiers ends up with fewer tiers than before (e.g. one or more tiers have been removed), the MembershipERC1155 NFTs of the removed tiers, obtained through MembershipFactory::joinDAO(), still remain in circulation.
This causes multiple inconsistencies in the protocol.
A DAO member holding an NFT of a removed tier can claim more profit than expected when calling MembershipERC1155::claimProfit(), because shareOf(), the function used to calculate profits, accounts for NFTs of all tiers regardless of whether those tiers are still in the DAO config.
If a tier is removed and re-added later, NFTs of that tier will already be in circulation, so the tier's minted value would be inconsistent with reality (e.g. equal to 0 directly after the tier is re-added).
When tiers are removed by a DAO update, make sure they are no longer accounted for in the shareOf() calculation.
Also update the minted value accordingly when a tier is removed and re-added later.
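The following contract is an added, reduced illustration of the issue and of both recommendations; it is not the One World code. It keeps a tier array that is wiped and re-filled on update, the way the finding describes, and puts the flawed share calculation (which walks every tier id that can ever hold NFTs) next to a hardened one bounded by the current configuration. The struct layout, the `MAX_TIERS` bound, the power-of-two weighting, the `totalMinted` counter and the assumption that a re-added tier reuses its previous index are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's contracts. Field names, MAX_TIERS, the
// weighting scheme and totalMinted are assumptions chosen to show the pattern.
contract TierShareExample {
    struct TierConfig {
        uint256 price;   // join price of the tier
        uint256 minted;  // NFTs of this tier recorded as minted in the config
    }

    uint256 public constant MAX_TIERS = 7; // assumed upper bound on tier ids

    TierConfig[] public tiers;
    // Stand-in for ERC1155 balances: tierId => holder => count.
    mapping(uint256 => mapping(address => uint256)) public balanceOf;
    // Circulating supply per tier id, kept independently of the config,
    // so it survives a tier being removed and re-added.
    uint256[MAX_TIERS] public totalMinted;

    constructor(TierConfig[] memory initial) {
        _replaceTiers(initial);
    }

    // Stand-in for joinDAO(): only currently configured tiers can be minted.
    function mint(uint256 tierId, address to) external {
        require(tierId < tiers.length, "tier not configured");
        balanceOf[tierId][to] += 1;
        totalMinted[tierId] += 1;
        tiers[tierId].minted += 1;
    }

    // Mirrors the described update: wipe the array, push the new configs.
    // Balances for tier ids >= newConfigs.length are untouched by this.
    function updateTiers(TierConfig[] memory newConfigs) external {
        _replaceTiers(newConfigs);
    }

    function _replaceTiers(TierConfig[] memory newConfigs) internal {
        require(newConfigs.length <= MAX_TIERS, "too many tiers");
        delete tiers;
        for (uint256 i = 0; i < newConfigs.length; i++) {
            TierConfig memory c = newConfigs[i];
            // Second recommendation: on (re-)add, the recorded minted count
            // comes from circulating supply, never from caller input, so a
            // re-added tier does not restart at 0.
            c.minted = totalMinted[i];
            tiers.push(c);
        }
    }

    // Flawed pattern from the finding: every tier id that can hold NFTs is
    // weighted, so a holder of a removed tier still receives a share.
    function shareOfAllTiers(address account) public view returns (uint256 total) {
        for (uint256 i = 0; i < MAX_TIERS; i++) {
            total += balanceOf[i][account] * _weight(i);
        }
    }

    // First recommendation: only tiers present in the current configuration
    // contribute to the share.
    function shareOfActiveTiers(address account) public view returns (uint256 total) {
        for (uint256 i = 0; i < tiers.length; i++) {
            total += balanceOf[i][account] * _weight(i);
        }
    }

    // Assumed weighting: tier 0 is the most valuable, halving per tier.
    function _weight(uint256 tierId) internal pure returns (uint256) {
        return 1 << (MAX_TIERS - 1 - tierId);
    }
}
```

With three tiers configured and one NFT of tier 2 minted to an account, shrinking the configuration to two tiers leaves `shareOfAllTiers` returning the same non-zero value as before, while `shareOfActiveTiers` returns 0 for that account; re-adding a third tier afterwards restores `tiers[2].minted` to 1 rather than 0. The two share functions differ only in their loop bound, which is the point: the fix is to derive the set of counted tiers from the live configuration rather than from the range of tier ids the token contract can represent.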