The joinDAO() function lacks a zero address check, which can lead to unintended behaviors.

When a zero address is passed as daoMembershipAddress, the first require statement will likely fail because daos[address(0)] will return the default value for the struct type, which is typically zero. This means that if noOfTiers is zero, the check daos[daoMembershipAddress].noOfTiers > tierIndex will fail, causing the transaction to revert with the message "Invalid tier." As a result, the function will not execute any further.

A malicious user could repeatedly call the joinDAO function with the zero address, causing legitimate users to experience repeated failures when they attempt to call the function with valid parameters.
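
A simplified model of the behaviour described above, as an added example that is not the audited contract's code. Only joinDAO, daos, daoMembershipAddress, noOfTiers, tierIndex and the "Invalid tier." message come from the finding; the struct layout, registerDAO, tierOf, the ZeroAddress error and joinDAOChecked are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a simplified sketch, not the audited contract.
contract JoinDaoSketch {
    struct DAO {
        uint256 noOfTiers; // reads as 0 for any address that was never registered
    }

    mapping(address => DAO) public daos;
    // Hypothetical bookkeeping: dao => member => tier + 1 (0 means "not a member").
    mapping(address => mapping(address => uint256)) public tierOf;

    error ZeroAddress();

    // Hypothetical helper so the sketch has a registered DAO to join.
    function registerDAO(address daoMembershipAddress, uint256 noOfTiers) external {
        if (daoMembershipAddress == address(0)) revert ZeroAddress();
        daos[daoMembershipAddress].noOfTiers = noOfTiers;
    }

    // Behaviour described in the finding: no explicit zero address check.
    // daos[address(0)].noOfTiers is the mapping default 0, so the comparison
    // 0 > tierIndex is false for every tierIndex and the call reverts with
    // "Invalid tier." before any state is written.
    function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {
        require(daos[daoMembershipAddress].noOfTiers > tierIndex, "Invalid tier.");
        tierOf[daoMembershipAddress][msg.sender] = tierIndex + 1;
    }

    // Same logic with the zero address rejected up front, so callers and
    // off-chain monitoring see a dedicated error instead of "Invalid tier."
    function joinDAOChecked(address daoMembershipAddress, uint256 tierIndex) external {
        if (daoMembershipAddress == address(0)) revert ZeroAddress();
        require(daos[daoMembershipAddress].noOfTiers > tierIndex, "Invalid tier.");
        tierOf[daoMembershipAddress][msg.sender] = tierIndex + 1;
    }
}
```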

Manual review

This line of code should be added before performing any logic in the function to avoid unexpected behavior.