Project

One World

NFTDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

MembershipFactory Tier Upgrade Capacity Bypass

0xnirix

Summary

The upgradeTier function lacks tier capacity validation, allowing users to upgrade to full tiers.

Vulnerability Details

Location: MembershipFactory.sol, upgradeTier() function
The function performs tier upgrades without checking if the target tier has available capacity
While joinDAO() enforces tier limits with require(daos[daoMembershipAddress].tiers[tierIndex].amount > daos[daoMembershipAddress].tiers[tierIndex].minted), upgradeTier() lacks this check
Missing tier capacity tracking: minted counts aren't updated during upgrades
Current check only validates existence of higher tier: require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1)

Impact

HIGH - Tier capacity limits can be exceeded, breaking DAO membership structure and governance mechanisms.

Tools Used

Manual code review

Recommendations

function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {

// existing checks...

uint256 targetTier = fromTierIndex - 1;

require(daos[daoMembershipAddress].tiers[targetTier].amount >

daos[daoMembershipAddress].tiers[targetTier].minted,

"Target tier full");

// rest of the function...

}

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

541

28 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.