Summary

The upgradeTier() function contains three critical flaws: potential arithmetic underflow, inverted tier availability check, and missing validation for highest tier upgrades.

Vulnerability Details

In MembershipFactory.sol, upgradeTier() has several logical issues:

This creates three specific vulnerabilities:

1. Arithmetic underflow when upgrading from tier 0

2. Logically inconsistent tier availability check

3. No guard against upgrading from highest tier

Impact

• Function reverts when attempting to upgrade from tier 0 due to underflow

• Incorrect tier availability validation

• Confusing user experience with inconsistent tier logic

Tools Used

• Manual code review

Recommendations