Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Possibility to get a cheaper price for the same tier nft

Summary:

In the upgradeTier() function, a user can find a way to exploit a DAO's poor economic management.

The upgradeTier() function:

function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
    require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
    require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
@>  IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
@>  IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
    emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}

The function allows a user to burn 2 NFTs of a particular tier to mint 1 NFT of the tier below (a better tier).
If the price of 2 NFTs is lower than the price of 1 NFT of the higher tier, a user will simply buy lower-tier NFTs and upgrade them, breaking the DAO's expectations about buyers' economic behaviour.

Impact:

Users get NFTs at a cheaper price, which is unfair to the people who bought the higher-tier NFT directly.

Recommendation:

Add checks to make sure that buying a given tier NFT is cheaper than buying 2 NFTs of the tier below. This would incentivize the buyer to go for the highest NFT directly. For example:
x2 Tier 6 must be equal to x1 Tier 5
x2 Tier 5 must be equal to x1 Tier 4
...
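
The recommended check can also be run off-chain against a DAO's tier price list before it is configured. The following is an added example, not code from the One World project; it generalizes the pairwise rule to chained upgrades (burning 2 per step all the way up), and it assumes integer prices in the payment token's smallest unit, index 0 as the best tier, and no fees or supply caps. The names Finding, cheapest_acquisition, undercut_tiers and SAMPLE_PRICES are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tier: int           # tier whose direct price is undercut
    direct_price: int   # configured price of that tier
    upgrade_cost: int   # cheapest cost via buying worse tiers and upgrading
    source_tier: int    # tier actually purchased on the cheapest path
    quantity: int       # how many source-tier NFTs must be bought


def cheapest_acquisition(prices):
    """Per tier, return (cost, source_tier, quantity) for the cheapest way to get 1 NFT.

    prices[i] is the direct price of tier i. As in upgradeTier(), burning
    2 NFTs of tier i mints 1 NFT of tier i - 1, so tier 0 is the best tier.
    """
    n = len(prices)
    best = [None] * n
    # Walk from the worst tier upward: the worst tier can only be bought directly.
    for i in range(n - 1, -1, -1):
        best[i] = (prices[i], i, 1)
        if i + 1 < n:
            cost, src, qty = best[i + 1]
            # Two of the next-worse tier (however obtained) upgrade into one of tier i.
            if 2 * cost < prices[i]:
                best[i] = (2 * cost, src, 2 * qty)
    return best


def undercut_tiers(prices):
    """List every tier that is cheaper to reach by upgrading than by direct purchase."""
    return [
        Finding(tier, prices[tier], cost, src, qty)
        for tier, (cost, src, qty) in enumerate(cheapest_acquisition(prices))
        if cost < prices[tier]
    ]


# Constructed sample: tier 3 is priced too low relative to tier 2.
SAMPLE_PRICES = [6400, 3200, 1600, 500, 400, 200, 100]

if __name__ == "__main__":
    for f in undercut_tiers(SAMPLE_PRICES):
        print(f"tier {f.tier}: direct {f.direct_price}, "
              f"via {f.quantity} x tier {f.source_tier} = {f.upgrade_cost}")
```

A single mispriced tier shows up in every better tier above it, because the discount compounds through each upgrade step.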

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
