Project: One World (NFTDeFi, 15,000 USDC)

Submission Details
Severity: high
Status: Invalid

DAO Membership Price Sandwich Attack via Tier Weight Manipulation

Summary

The DAO membership system allows a DAO owner to perform a sandwich-style attack by manipulating tier prices: the owner mints high-weight tokens while their price is low, raises the prices afterwards, and then benefits both from the weighted voting power acquired cheaply and from subsequent member purchases made at the inflated prices.

Vulnerability Details

  • Vulnerable Function: MembershipFactory.sol:createNewDAOMembership

  • Attack Flow:

    1. Owner creates DAO with minimal prices for high-weight tiers (Tier 0: 64x weight)

    2. Mints high-tier tokens at low cost

    3. Increases tier prices

    4. Forces new members to pay high prices for lower-weight tiers (1x-32x weight)

  • Root Cause: Tier configuration performs no price validation and places no restriction on how far or how often prices can be changed

Impact

  • Owner gains disproportionate voting power at minimal cost

  • New members overpay for lower-weight tokens

  • Undermines DAO economic fairness and governance

  • Enables profit extraction through price manipulation

Tools Used

  • Manual code review

Recommendations

  1. Implement Price Controls:

    // Bound how far a price can rise in a single change (MAX_PRICE_INCREASE is the allowed multiplier)
    require(newPrice <= oldPrice * MAX_PRICE_INCREASE, "Price increase too high");
    // Tie the minimum price of each tier to the voting weight it grants
    require(tierConfigs[i].price >= minPriceForWeight[i], "Price too low for weight");

  2. Add Time Locks:

    • Enforce a cooling period between consecutive price changes

    • Lock the owner's high-tier tokens for a period after minting
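As an added example (not code from the One World project or from this submission), the hypothetical contract below shows how the two recommendations above can be enforced together in one tier registry: a bounded per-change price increase, a price floor proportional to voting weight, and a cooling period between price changes on the same tier. The contract name, the constants MAX_PRICE_INCREASE_BPS, PRICE_CHANGE_DELAY and MIN_PRICE_PER_POWER, and the function updateTierPrice are assumptions made for illustration, not the project's API.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical, simplified tier registry written for this page. It is not the
/// One World MembershipFactory; every name and constant below is an assumption.
contract GuardedTierPricing {
    struct TierConfig {
        uint256 price; // cost of one membership token in this tier
        uint256 power; // voting weight per token (e.g. 64, 32, ..., 1)
    }

    uint256 public constant MAX_PRICE_INCREASE_BPS = 15_000; // at most 1.5x per change (assumed)
    uint256 public constant PRICE_CHANGE_DELAY = 2 days;     // cooling period per tier (assumed)
    uint256 public constant MIN_PRICE_PER_POWER = 1e15;      // floor per unit of weight (assumed)

    address public immutable owner;
    TierConfig[] public tiers;
    mapping(uint256 => uint256) public lastPriceChange; // tier index => timestamp of last change

    event TierPriceUpdated(uint256 indexed tier, uint256 oldPrice, uint256 newPrice);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(TierConfig[] memory initial) {
        owner = msg.sender;
        for (uint256 i = 0; i < initial.length; i++) {
            // The floor applies at creation too, so a 64x tier can never start out cheap.
            _checkPriceFloor(initial[i]);
            tiers.push(initial[i]);
        }
    }

    /// Price floor tied to weight: no tier may be cheaper per unit of voting
    /// power than MIN_PRICE_PER_POWER, so weight cannot be bought at a discount.
    function _checkPriceFloor(TierConfig memory cfg) internal pure {
        require(cfg.power > 0, "zero power");
        require(cfg.price >= cfg.power * MIN_PRICE_PER_POWER, "Price too low for weight");
    }

    function updateTierPrice(uint256 tier, uint256 newPrice) external onlyOwner {
        TierConfig storage cfg = tiers[tier];
        uint256 oldPrice = cfg.price;

        // Bounded increase: a cheap-mint-then-raise sequence cannot jump the price in one step.
        require(newPrice <= (oldPrice * MAX_PRICE_INCREASE_BPS) / 10_000, "Price increase too high");
        // Same weight-relative floor as at creation, so lowering is also bounded.
        _checkPriceFloor(TierConfig({price: newPrice, power: cfg.power}));
        // Cooling period between consecutive changes to the same tier.
        require(block.timestamp >= lastPriceChange[tier] + PRICE_CHANGE_DELAY, "cooldown active");

        lastPriceChange[tier] = block.timestamp;
        cfg.price = newPrice;
        emit TierPriceUpdated(tier, oldPrice, newPrice);
    }
}
```

The post-mint lock on the owner's high-tier tokens (the second time-lock item) belongs in the membership token contract rather than here: record a lock timestamp per token at mint and reject transfers and weighted votes while it is active. Keeping the price checks in one internal function means the creation path and the update path cannot drift apart, which is the usual way such a floor gets bypassed.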

Updates

Lead Judging Commences

0xbrivan2 (Lead Judge), 7 months ago: Submission Judgement Published. Invalidated. Reason: Incorrect statement.
