Submission Details
Severity:
[M-2] MembershipFactory.sol does not have OWP_FACTORY_ROLE therefore will not be able to mint in joinDAO
Summary
MembershipFactory.sol does not have OWP_FACTORY_ROLE therefore will not be able to mint in joinDAO
function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {
require(daos[daoMembershipAddress].noOfTiers > tierIndex, "Invalid tier.");
require(daos[daoMembershipAddress].tiers[tierIndex].amount > daos[daoMembershipAddress].tiers[tierIndex].minted, "Tier full.");
uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;
uint256 platformFees = (20 * tierPrice) / 100;
daos[daoMembershipAddress].tiers[tierIndex].minted += 1;
IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), owpWallet, platformFees);
IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), daoMembershipAddress, tierPrice - platformFees);
//@audit only onlyRole(OWP_FACTORY_ROLE) can mint
IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), tierIndex, 1);
emit UserJoinedDAO(_msgSender(), daoMembershipAddress, tierIndex);
}
Vulnerability Details
In MembershipERC1155 the function mint has a modifier OWP_FACTORY_ROLE. In joinDAO::MembershipFactory.solthe function mint , this would always revert if the contract MembershipFactory.solis the one calling the function joinDAO
Impact
This could cause users to be unable to join the DAO or receive their membership tokens, which defeats the purpose of the joinDAO function.
Tools Used
Manual review
Recommendations
The deployer could grant the contract MembershipFactory.solthe role OWP_FACTORY_ROLE
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.