Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: high
Invalid

Updating DAO membership could lead to loss of minted values

Summary

When DAO membership is updated, all the previous minted values for each tier are copied and moved to the new tiers being assigned. This could lead to issues if the number of new tiers is less than the number of previous tiers.

Vulnerability Details

  • The creator interacts with the factory contract, creating a new DAO with Tiers 1, 2, 3, 4.

  • Users interact with the DAO: Tier 1 has 5 minted, Tier 2 has 4 minted, Tier 3 has 10 minted, Tier 4 has 15 minted.

  • The External Caller, which is the deployer of the Factory, calls updateDAOMembership() with Tiers 1, 2, 3.

  • Since there is no check to prevent updating the DAO with fewer tiers than it previously had, it copies the minted values from the previous Tiers 1, 2, 3, assigns them to the new tiers, and all the previous tiers are deleted.

  • This leads to the minted values in Tier 4 being lost.

Impact

This would lead to the Factory contract not being able to accurately account for the number of DAO members, which could lead to Max Members being exceeded and therefore affect profit sharing in the MembershipERC1155 contract.

Tools Used

Manual Code Review

Recommendations

A check should be put in place to prevent updating the DAO with fewer tiers than were previously created.
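
The update described in the steps above, next to the recommended length check, as an added example that is not code from the One World contracts. The contract name, struct layout and function names are assumptions made for illustration, and access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical model of the tier update described in the submission.
// Names and layout are assumptions, not the One World contracts.
// Access control (the External Caller role) is left out for brevity.
contract TierUpdateModel {
    struct Tier {
        uint256 amount; // max mints allowed in this tier
        uint256 minted; // mints already issued in this tier
    }
    Tier[] public tiers;

    constructor(uint256[] memory amounts) {
        for (uint256 i = 0; i < amounts.length; i++) {
            tiers.push(Tier({amount: amounts[i], minted: 0}));
        }
    }

    // Stand-in for a user joining a tier.
    function mint(uint256 tierIndex) external {
        Tier storage t = tiers[tierIndex];
        require(t.minted < t.amount, "Tier full.");
        t.minted += 1;
    }

    // Behaviour as the submission describes it: minted counts are carried over
    // index by index, so counts at indexes >= amounts.length are dropped.
    function updateUnchecked(uint256[] memory amounts) external {
        _replace(amounts);
    }

    // The submission's recommendation: refuse an update with fewer tiers.
    function updateChecked(uint256[] memory amounts) external {
        require(amounts.length >= tiers.length, "Fewer tiers than before.");
        _replace(amounts);
    }

    function _replace(uint256[] memory amounts) internal {
        uint256[] memory carried = new uint256[](amounts.length);
        for (uint256 i = 0; i < amounts.length && i < tiers.length; i++) {
            carried[i] = tiers[i].minted; // copy minted for overlapping indexes only
        }
        delete tiers;
        for (uint256 i = 0; i < amounts.length; i++) {
            tiers.push(Tier({amount: amounts[i], minted: carried[i]}));
        }
    }
    function totalMinted() external view returns (uint256 sum) {
        for (uint256 i = 0; i < tiers.length; i++) sum += tiers[i].minted;
    }
}
```

With the submission's numbers (5, 4, 10 and 15 minted across four tiers), totalMinted() in this model goes from 34 to 19 after updateUnchecked with three tiers, while updateChecked reverts.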

Updates

Lead Judging Commences

0xbrivan2 Lead Judge
8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
