Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Hardcoded platform fee percentage lacks flexibility and transparency

Summary

The MembershipFactory contract has a hardcoded platform fee percentage (20%) in the joinDAO function. This design lacks flexibility for fee adjustments and transparency for users, potentially impacting protocol governance and user trust.

Vulnerability Details

In the MembershipFactory contract, the platform fee calculation is hardcoded to 20%:

function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {
    // ... other code ...
    uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;
    uint256 platformFees = (20 * tierPrice) / 100; // Hardcoded 20% fee
    // ... rest of the function
}

This implementation has several issues:
1. No ability to adjust fees without a contract upgrade
2. No transparency mechanism for users to query current fee rates
3. No event emitted when fees are collected

Impact

1. Protocol administrators cannot adjust fees based on market conditions
2. Reduced protocol flexibility and adaptability
3. Users cannot easily verify the current fee structure
4. Potential loss of user trust due to lack of transparency

Tools Used

Manual code review

Recommendations

1. Add a fee adjustment mechanism
2. Add fee viewing functions for better transparency
3. Emit an event when fees are collected
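
The three recommendations combined in one sketch, added here as an illustration and not taken from the One World code base. The contract name, the admin model, the basis-point storage, the events and the choice of 20% as the upper bound are all assumptions; only the 20% figure and the fee arithmetic come from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; NOT the One World MembershipFactory.
// Every identifier below is hypothetical.
contract ConfigurableFeeSketch {
    uint256 public constant BPS_DENOMINATOR = 10_000;
    // Assumed hard cap: the 20% that is hardcoded in joinDAO today.
    uint256 public constant MAX_PLATFORM_FEE_BPS = 2_000;

    address public immutable admin;
    // Public getter: anyone can query the current rate (recommendation 2).
    uint256 public platformFeeBps = 2_000;

    event PlatformFeeUpdated(uint256 oldFeeBps, uint256 newFeeBps);
    event PlatformFeeCollected(
        address indexed dao, address indexed payer, uint256 tierPrice, uint256 fee
    );

    error NotAdmin();
    error FeeAboveCap(uint256 requested, uint256 cap);

    constructor() {
        admin = msg.sender;
    }

    // Recommendation 1: adjustable fee. A mutable fee is a new privileged
    // action, so it is access-controlled and bounded; without the cap a
    // compromised admin key could raise the fee to 100% of every payment.
    function setPlatformFeeBps(uint256 newFeeBps) external {
        if (msg.sender != admin) revert NotAdmin();
        if (newFeeBps > MAX_PLATFORM_FEE_BPS) {
            revert FeeAboveCap(newFeeBps, MAX_PLATFORM_FEE_BPS);
        }
        emit PlatformFeeUpdated(platformFeeBps, newFeeBps);
        platformFeeBps = newFeeBps;
    }

    // Same arithmetic as (20 * tierPrice) / 100 when platformFeeBps == 2_000.
    function quotePlatformFee(uint256 tierPrice) public view returns (uint256) {
        return (tierPrice * platformFeeBps) / BPS_DENOMINATOR;
    }

    // Recommendation 3: stand-in for the fee step of joinDAO. Token
    // transfers and membership minting are outside this sketch.
    function _collectFee(address dao, uint256 tierPrice) internal returns (uint256 fee) {
        fee = quotePlatformFee(tierPrice);
        emit PlatformFeeCollected(dao, msg.sender, tierPrice, fee);
    }
}
```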

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
