`MembershipFactory::createNewDAOMembership` Doesn't Enforce a Minimum Tier Price
Summary
Anyone can create a DAO and there is not minimum price enforced for a tier. If the price for a tier is less than 5 wei then no one will be able to enter the tier.
Vulnerability Details
MembershipFactory::createNewDAOMembership can be found here: https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L55
The tier's price is never verified and pushed into the DAO's mapping here: https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L87
When a tier price is set too low it will revert when trying to send a zero amount in the MembershipFactory::joinDAO here: https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L144-L147
I the price for a tier is less than 5 then the protocol fee is zero here: https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L144
Impact
Users will not be able to join a certain tier in a DAO or the whole DAO if the tiers are not configured correctly.
Tools Used
hardhat and manual review
Recommendations
Make the following change here: https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L85-L88
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.