Project: One World
NFTDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

M-2. Tier Configuration Update Lacks minted Check, Leading to Broken Membership Limits

Summary

A vulnerability exists in the MembershipFactory.sol::updateDAOMembership function because it does not validate that the new amount in tierConfigs meets or exceeds the existing minted value for each tier. This can result in inconsistencies within the DAOConfig structure, breaking invariants related to membership limits and potentially causing unexpected behaviors for DAO members.

Vulnerability Details

Vulnerability Location: MembershipFactory.sol::updateDAOMembership

When updating tier configurations, this function does not ensure that tierConfigs[i].amount is greater than or equal to the current minted value for each tier. For instance, if a DAO originally allowed 100 members in a tier, and 60 members have already joined (i.e., minted = 60), reducing the amount to 50 would create a tier configuration where minted exceeds the amount. This results in an invalid state where more members exist than the newly defined limit, violating the invariant of membership limits for each tier.

Impact

The impact of this vulnerability is classified as Medium, as it can lead to:

• Broken invariants in the membership logic, where tiers contain more members than specified.

• Potential confusion or errors in subsequent logic that relies on accurate amount values.

• Mismanagement of membership caps could degrade the user experience and trust in DAO governance and membership management.

Tools Used

The vulnerability was identified through:

Manual Code Review: A manual inspection revealed the missing check for minted exceeding amount in updated tierConfigs.

Recommendations

1. Add minted Check in updateDAOMembership: Before updating tierConfigs, enforce a requirement that each tierConfigs[i].amount must be greater than or equal to dao.tiers[i].minted. This will prevent downgrades of amount values that fall below minted, ensuring consistency.

Example:

require(tierConfigs[i].amount >= dao.tiers[i].minted, "Cannot set amount below current minted.");

2. Enhance Test Coverage: Implement unit tests to confirm that downgrades of amount values are prohibited when minted already meets or exceeds the proposed new amount value.

3. Add Documentation and Alerts for DAO Owners: Make DAO owners aware that reducing membership limits is not allowed below the current member count, to avoid errors in user expectations.
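The scenario from the Vulnerability Details section (100-member tier, 60 minted, limit lowered to 50) and recommendations 1 and 2 above, as an added example that is not code from the One World MembershipFactory.sol. The struct layout, ownership model, the join function and every name other than updateDAOMembership, tierConfigs, amount, minted and DAOConfig are assumptions made for this illustration; the unchecked variant shows the broken state and the hardened one carries the recommended check, with a Foundry test (forge-std assumed available) covering both.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal model of a DAO's tier bookkeeping (assumed layout).
struct TierConfig {
    uint256 amount; // maximum memberships this tier may issue
    uint256 minted; // memberships already issued in this tier
}

struct DAOConfig {
    address owner;
    TierConfig[] tiers;
}

contract MembershipFactoryExample {
    mapping(address => DAOConfig) internal daos;

    error NotOwner();
    error TierCountMismatch();
    error AmountBelowMinted(uint256 tier, uint256 amount, uint256 minted);

    function createDAO(address daoAddr, TierConfig[] calldata tierConfigs) external {
        DAOConfig storage dao = daos[daoAddr];
        dao.owner = msg.sender;
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            dao.tiers.push(TierConfig({amount: tierConfigs[i].amount, minted: 0}));
        }
    }

    // Stand-in for a member joining: minted grows, bounded by amount.
    function join(address daoAddr, uint256 tier) external {
        TierConfig storage t = daos[daoAddr].tiers[tier];
        require(t.minted < t.amount, "tier full");
        t.minted += 1;
    }

    // Vulnerable pattern: new amounts are copied without comparing to minted.
    function updateDAOMembershipUnchecked(address daoAddr, TierConfig[] calldata tierConfigs) external {
        DAOConfig storage dao = daos[daoAddr];
        if (msg.sender != dao.owner) revert NotOwner();
        if (tierConfigs.length != dao.tiers.length) revert TierCountMismatch();
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            dao.tiers[i].amount = tierConfigs[i].amount; // minted may now exceed amount
        }
    }

    // Hardened version: rejects any amount below the tier's current minted count.
    function updateDAOMembership(address daoAddr, TierConfig[] calldata tierConfigs) external {
        DAOConfig storage dao = daos[daoAddr];
        if (msg.sender != dao.owner) revert NotOwner();
        if (tierConfigs.length != dao.tiers.length) revert TierCountMismatch();
        for (uint256 i = 0; i < tierConfigs.length; i++) {
            uint256 minted = dao.tiers[i].minted;
            if (tierConfigs[i].amount < minted) revert AmountBelowMinted(i, tierConfigs[i].amount, minted);
            dao.tiers[i].amount = tierConfigs[i].amount;
        }
    }

    function tier(address daoAddr, uint256 i) external view returns (uint256 amount, uint256 minted) {
        TierConfig storage t = daos[daoAddr].tiers[i];
        return (t.amount, t.minted);
    }
}

// Foundry test reproducing the 100 / 60 / 50 scenario from the finding.
contract MembershipFactoryExampleTest is Test {
    MembershipFactoryExample f;
    address dao = address(0xDA0); // constructed placeholder DAO address

    function setUp() public {
        f = new MembershipFactoryExample();
        TierConfig[] memory cfg = new TierConfig[](1);
        cfg[0] = TierConfig({amount: 100, minted: 0});
        f.createDAO(dao, cfg); // test contract becomes the DAO owner
        for (uint256 i = 0; i < 60; i++) f.join(dao, 0); // minted = 60
    }

    function testUncheckedUpdateBreaksInvariant() public {
        TierConfig[] memory cfg = new TierConfig[](1);
        cfg[0] = TierConfig({amount: 50, minted: 0});
        f.updateDAOMembershipUnchecked(dao, cfg);
        (uint256 amount, uint256 minted) = f.tier(dao, 0);
        assertGt(minted, amount); // 60 > 50: more members than the new limit
    }

    function testCheckedUpdateRevertsBelowMinted() public {
        TierConfig[] memory cfg = new TierConfig[](1);
        cfg[0] = TierConfig({amount: 50, minted: 0});
        vm.expectRevert(abi.encodeWithSelector(MembershipFactoryExample.AmountBelowMinted.selector, 0, 50, 60));
        f.updateDAOMembership(dao, cfg);
    }
}
```

Run with `forge test` in a project that has forge-std installed; the first test documents the broken state the unchecked update leaves behind, and the second is the regression test recommendation 2 asks for. Comparing against the stored minted value (not the caller-supplied one) matters: the check must read dao.tiers[i].minted from storage, since tierConfigs[i].minted is attacker-controlled input.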

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
