Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing event emission in updateDAOMembership function

peterpepoc

Summary

The updateDAOMembership function in the MembershipFactory contract performs critical state changes without emitting corresponding events.

Vulnerability Details

The vulnerability exists in the updateDAOMembership function:

function updateDAOMembership(string calldata ensName, TierConfig[] memory tierConfigs)
external onlyRole(EXTERNAL_CALLER) returns (address) {
address daoAddress = getENSAddress[ensName];
require(tierConfigs.length <= TIER_MAX, "Invalid tier count.");
require(tierConfigs.length > 0, "Invalid tier count.");
require(daoAddress != address(0), "DAO does not exist.");
DAOConfig storage dao = daos[daoAddress];
// ... state changes ...
// @audit No event emission after significant state changes
return daoAddress;
}

The function updates several critical state variables including:
DAO tier configurations,
Maximum member limits,
Number of tiers.

However, it fails to emit any events to record these changes.

Impact

  1. Reduced transparency

  2. Difficulty to track changes

  3. Inefficient or impossible integration with other contracts and services

Tools Used

Manual code review

Recommendations

Add appropriate event emissions to track state changes:

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.