Project: One World
NFTDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

`noOfTiers` of `DAOConfig` in `MembershipDAOStructs` should use `uint8` instead of `uint256`

Summary

`noOfTiers` of `DAOConfig` in `MembershipDAOStructs` should use `uint8` instead of `uint256`.

Vulnerability Details

`noOfTiers` of `DAOConfig` is declared as `uint256`, but it only ever stores values from 1 to 7.

This can be confirmed from the `TIER_MAX` constant in `MembershipDAOStructs` and from the `createNewDAOMembership` and `updateDAOMembership` functions of `MembershipFactory`.

https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/libraries/MembershipDAOStructs.sol

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.22;

uint64 constant TIER_MAX = 7; // <-- upper bound on the tier count

enum DAOType {
    PUBLIC,
    PRIVATE,
    SPONSORED
}

struct DAOConfig {
    string ensname;
    DAOType daoType;
    TierConfig[] tiers;
    address currency;
    uint256 maxMembers;
    uint256 noOfTiers; // <-- only ever holds 1..TIER_MAX
    //joined members check
}

struct DAOInputConfig {
    string ensname;
    DAOType daoType;
    address currency;
    uint256 maxMembers;
    uint256 noOfTiers;
}

struct TierConfig {
    uint256 amount;
    uint256 price;
    uint256 power;
    uint256 minted;
}
```

Here the factory checks that `daoConfig.noOfTiers` is greater than 0 and less than or equal to `TIER_MAX`.

2024-11-one-world/contracts/dao/MembershipFactory.sol at main · Cyfrin/2024-11-one-world

```solidity
function createNewDAOMembership(DAOInputConfig calldata daoConfig, TierConfig[] calldata tierConfigs)
    external returns (address) {
    require(currencyManager.isCurrencyWhitelisted(daoConfig.currency), "Currency not accepted.");
    require(daoConfig.noOfTiers == tierConfigs.length, "Invalid tier input.");
    // --> tier count bounded to 1..TIER_MAX
    require(daoConfig.noOfTiers > 0 && daoConfig.noOfTiers <= TIER_MAX, "Invalid tier count.");
    require(getENSAddress[daoConfig.ensname] == address(0), "DAO already exist.");
    if (daoConfig.daoType == DAOType.SPONSORED) {
        require(daoConfig.noOfTiers == TIER_MAX, "Invalid tier count for sponsored.");
    }

    ...OTHER_CODE...
}
```

The update path enforces the same bounds before writing `noOfTiers`:
https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/MembershipFactory.sol#L96C5-L134C6

```solidity
function updateDAOMembership(string calldata ensName, TierConfig[] memory tierConfigs) // @audit no emit event
    external onlyRole(EXTERNAL_CALLER) returns (address) {
    address daoAddress = getENSAddress[ensName];
    // --> tier count bounded to 1..TIER_MAX
    require(tierConfigs.length <= TIER_MAX, "Invalid tier count.");
    require(tierConfigs.length > 0, "Invalid tier count.");
    require(daoAddress != address(0), "DAO does not exist.");
    DAOConfig storage dao = daos[daoAddress];
    if(dao.daoType == DAOType.SPONSORED){
        require(tierConfigs.length == TIER_MAX, "Invalid tier count.");
    }

    ...OTHER_CODE...
    // --> the only write to noOfTiers, already bounded by the checks above
    dao.noOfTiers = tierConfigs.length;
    return daoAddress;
}
```

So `noOfTiers` is confirmed to hold only values from 1 to 7.

Impact

Using a data type as large as `uint256` for a value that never exceeds 7 is unnecessary and wastes storage.

It is neither storage efficient nor gas optimized.

Tools Used

Manual review.

Recommendations

Use `uint8` instead of `uint256`.

`uint8` can store values from 0 to 255, which covers the 1 to 7 range.
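The following is an added example, not code from the One World repository, that shows what the recommendation does and does not buy. Solidity packs consecutive storage variables smaller than 32 bytes into one slot, so narrowing `noOfTiers` to `uint8` only saves a slot if it sits next to other small fields; at the end of the struct, after a full-width `maxMembers`, it still occupies its own slot. The reordered `DAOConfigPacked` struct, the `PackedTierDemo` contract and its `setTierCount` function are assumptions chosen for illustration and are not what the project uses. The example also shows the explicit `uint8(...)` cast that the assignment in `updateDAOMembership` would need, which is safe because the `TIER_MAX` check runs first.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.22;

// Added example; names mirror the structs quoted in the finding, the field
// order in DAOConfigPacked is an assumption to demonstrate slot packing.

uint64 constant TIER_MAX = 7;

enum DAOType { PUBLIC, PRIVATE, SPONSORED }

struct TierConfig {
    uint256 amount;
    uint256 price;
    uint256 power;
    uint256 minted;
}

// Type change only, as recommended. Each field still starts its own slot:
// strings and dynamic arrays always take a fresh slot, and the uint8 follows
// a full 32-byte uint256, so no slot is saved, only the value range shrinks.
struct DAOConfigTypeOnly {
    string ensname;        // slot 0
    DAOType daoType;       // slot 1 (1 byte, next field cannot share it)
    TierConfig[] tiers;    // slot 2
    address currency;      // slot 3 (20 bytes, next field cannot share it)
    uint256 maxMembers;    // slot 4
    uint8 noOfTiers;       // slot 5
}

// Placing the small fields next to each other lets the compiler pack
// daoType (1 byte) + currency (20 bytes) + noOfTiers (1 byte) into one slot,
// two slots fewer than the layout above.
struct DAOConfigPacked {
    string ensname;        // slot 0
    TierConfig[] tiers;    // slot 1
    uint256 maxMembers;    // slot 2
    DAOType daoType;       // slot 3, byte 0
    address currency;      // slot 3, bytes 1..20
    uint8 noOfTiers;       // slot 3, byte 21
}

contract PackedTierDemo {
    mapping(address => DAOConfigPacked) internal daos;

    // Mirrors the tier-count checks quoted from updateDAOMembership. With a
    // uint8 field the uint256 `length` needs an explicit cast; the TIER_MAX
    // require runs first, so the cast can never truncate a larger value.
    function setTierCount(address daoAddress, TierConfig[] calldata tierConfigs) external {
        require(tierConfigs.length > 0 && tierConfigs.length <= TIER_MAX, "Invalid tier count.");
        daos[daoAddress].noOfTiers = uint8(tierConfigs.length);
    }

    function tierCount(address daoAddress) external view returns (uint8) {
        return daos[daoAddress].noOfTiers;
    }
}
```

The gas saving comes from the packing, not from the narrower type by itself; a reviewer applying this recommendation should check the field order of the struct and any existing deployments whose storage layout must not change.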

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
