Submission Details
Severity:
[M-3] MembershipFactory.sol does not have the OWP_FACTORY_ROLE, therefore cannot call burn::MembershipERC1155 in upgradeTier
Summary
function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
//@audit can only be called by OWP_FACTORY_ROLE
IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}
Vulnerability Details
burn::MembershipERC1155.solhas a modifier OWP_FACTORY_ROLE, the upgradeTier::MembershipFcactory.solwill revert if the contract MembershipFactory.sol calls IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2)
Impact
Users will not be able to upgradeTiers or mint NFTs
Tools Used
Manual review
Recommendations
MembershipERC1155.solshould granted OWP_FACTORY_ROLErole
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.