Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Incorrect Burn and Mint Logic of NFT

Summary

The function was designed to upgrade a user's tier, but it decreases it instead.

https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L155C4-L161C6

Vulnerability Details

The function attempts to "upgrade" by burning two tokens from `fromTierIndex` and minting one token at `fromTierIndex - 1`. Upgrading should logically involve burning one token from the lower tier and minting at a higher tier. Also, if `fromTierIndex - 1` is zero, it will cause an invalid tier index error or lead to incorrect behavior if index zero is not intended as a valid tier.

Impact

The current setup would decrease the user's tier instead of upgrading it.

Recommendations

Subtract exactly 1 and add exactly 1 token:

```solidity
// The signature is not shown in the submission; the function name and
// parameter types below are assumed from how the body uses them.
function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
    require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
    require(daos[daoMembershipAddress].noOfTiers > fromTierIndex + 1, "Already at the highest tier or invalid tier");
    IMembershipERC1155 membershipContract = IMembershipERC1155(daoMembershipAddress);
    require(membershipContract.balanceOf(_msgSender(), fromTierIndex) >= 1, "Insufficient tokens in current tier");
    // Define the target tier index for the upgrade
    uint256 toTierIndex = fromTierIndex + 1;
    // Burn one token from the current tier
    membershipContract.burn(_msgSender(), fromTierIndex, 1);
    // Mint one token in the next higher tier
    membershipContract.mint(_msgSender(), toTierIndex, 1);
    emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex, toTierIndex);
}
```
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
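
The two behaviours compared in the submission, side by side, as an added example that is not One World code or part of the submission. `TierLedger`, `seed`, `upgradeAsDescribed` and `upgradeAsRecommended` are hypothetical names, and a plain mapping stands in for the ERC-1155 membership balances. Which direction counts as an upgrade depends on how the project orders its tier indices, which is the point to confirm against the project's documentation when reviewing a finding like this one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration (hypothetical contract): balance[user][tierIndex]
// models the per-tier membership token balances.
contract TierLedger {
    uint256 public immutable noOfTiers;
    mapping(address => mapping(uint256 => uint256)) public balance;

    constructor(uint256 tiers) {
        noOfTiers = tiers;
    }

    // Test helper: credit the caller with tokens in a tier.
    function seed(uint256 tierIndex, uint256 amount) external {
        require(tierIndex < noOfTiers, "Invalid tier");
        balance[msg.sender][tierIndex] += amount;
    }

    // Behaviour the submission describes for the linked code:
    // burn 2 at fromTierIndex, mint 1 at fromTierIndex - 1.
    function upgradeAsDescribed(uint256 fromTierIndex) external returns (uint256 toTierIndex) {
        require(fromTierIndex < noOfTiers, "Invalid tier");
        // Explicit guard: without it, fromTierIndex == 0 reverts on the checked
        // subtraction below (Solidity >= 0.8) with a panic, not a clear reason.
        require(fromTierIndex > 0, "No tier below index 0");
        toTierIndex = fromTierIndex - 1;
        require(balance[msg.sender][fromTierIndex] >= 2, "Insufficient tokens in current tier");
        balance[msg.sender][fromTierIndex] -= 2;
        balance[msg.sender][toTierIndex] += 1;
    }

    // Behaviour the submission recommends:
    // burn 1 at fromTierIndex, mint 1 at fromTierIndex + 1.
    function upgradeAsRecommended(uint256 fromTierIndex) external returns (uint256 toTierIndex) {
        toTierIndex = fromTierIndex + 1;
        require(toTierIndex < noOfTiers, "Already at the highest tier or invalid tier");
        require(balance[msg.sender][fromTierIndex] >= 1, "Insufficient tokens in current tier");
        balance[msg.sender][fromTierIndex] -= 1;
        balance[msg.sender][toTierIndex] += 1;
    }
}
```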