Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Missing validation if user has sufficient balance in `fromTierIndex`

Summary

Verify that the user has sufficient balance in `fromTierIndex` to upgrade.

Vulnerability Details

The function `MembershipFactory::upgradeTier` directly calls `burn` on `fromTierIndex` without first verifying the user’s balance for that tier.

Impact

If the user doesn’t have enough tokens in `fromTierIndex`, `burn` will fail.

Tools Used

Manual review

Recommendations

Add a check to ensure the user has enough tokens in the `fromTierIndex` tier before attempting to burn:

function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
+ require(IMembershipERC1155(daoMembershipAddress).balanceOf(msg.sender, fromTierIndex) >= 2, "Insufficient tier balance to upgrade.");
IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}
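
Review bot: the added `require` on the `+` line reads the balance of `msg.sender`, while the `burn`, `mint` and `emit` lines after it all act on `_msgSender()`; if the contract resolves `_msgSender()` to anything other than `msg.sender` (for example through a trusted forwarder), the balance check and the burn apply to different accounts. Use `_msgSender()` in the check so it guards the same account that is burned from. Since the Impact section states that `burn` already fails when the balance is insufficient, the new line changes only the revert reason and not the outcome, which is worth stating in the recommendation.
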
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
