Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Front-running in DAO Membership Acquisition

Summary

The MembershipFactory contract is susceptible to front-running attacks when one user attempts to join a certain tier that has only one spot remaining. Another user can monitor the mempool and front-run the transaction, seizing the last available position.

Vulnerability Details

The vulnerability exists in the joinDAO function of the MembershipFactory contract:

    function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {
        require(daos[daoMembershipAddress].noOfTiers > tierIndex, "Invalid tier.");
        // Critical check that can be exploited: it is evaluated against the on-chain
        // state at execution time, so whichever transaction is mined first takes the slot
        require(daos[daoMembershipAddress].tiers[tierIndex].amount > daos[daoMembershipAddress].tiers[tierIndex].minted, "Tier full.");
        uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;
        // ... rest of the function
    }

The issue arises because the function has no mechanism to prevent front-running: the "Tier full." check only reflects the state at execution time, so any transaction ordered ahead of the legitimate user's can take the last remaining slot and cause the user's transaction to revert.
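A toy model of the last-slot race described above, added here as an illustration; it is not code from the One World project or from the original submission, and the simplified factory, the searcher's gas-price bump and the private-relay flag are constructed assumptions. It reproduces the "Tier full." check against a tier with one slot left and compares a publicly broadcast join with one sent through a private relay, which is the kind of mitigation the recommendation below describes.

```python
"""Constructed model of the joinDAO last-slot race (not project code)."""
from dataclasses import dataclass


@dataclass
class Tier:
    amount: int        # capacity of the tier
    minted: int = 0    # slots already taken


@dataclass
class Tx:
    sender: str
    gas_price: int
    private: bool = False  # True = sent via a private relay, never visible in the public mempool


class MembershipFactory:
    """Mirrors the 'Tier full.' check: the slot goes to whichever tx executes first."""

    def __init__(self, capacity: int, minted: int):
        self.tier = Tier(capacity, minted)
        self.members = []

    def join_dao(self, tx: Tx) -> bool:
        if self.tier.amount <= self.tier.minted:
            return False  # reverted with "Tier full."; the sender still pays gas
        self.tier.minted += 1
        self.members.append(tx.sender)
        return True


def build_block(user_tx: Tx, bot_bump: int) -> list:
    """A searcher can only react to transactions it observes in the public mempool;
    the block producer then orders the pending transactions by gas price, highest first."""
    pending = [user_tx]
    if not user_tx.private:
        pending.append(Tx("bot", user_tx.gas_price + bot_bump))
    return sorted(pending, key=lambda t: t.gas_price, reverse=True)


def run_race(private: bool, capacity: int = 10, minted: int = 9) -> dict:
    """Execute one block against a tier with (capacity - minted) slots left and report
    who became a member and which senders paid gas for a reverted join."""
    factory = MembershipFactory(capacity, minted)
    user_tx = Tx("alice", gas_price=50, private=private)
    reverted = [tx.sender for tx in build_block(user_tx, bot_bump=1) if not factory.join_dao(tx)]
    return {"members": factory.members, "reverted": reverted}
```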

Impact

The vulnerability can lead to:

  1. Legitimate users being unable to join their desired DAO tier
  2. Users losing gas fees on failed transactions
  3. Potential manipulation of membership acquisition by MEV bots
  4. Degraded user experience and potential reputational damage to the protocol

Tools Used

Manual code review

Recommendations

Consider using Flashbots: implement private transaction submission through Flashbots so that join transactions are not exposed in the public mempool, which protects them against front-running.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
