Project: One World (NFTDeFi, 15,000 USDC)

Submission Details
Severity: high
Status: Invalid

Missing Transfer Success Check in joinDAO Function

Summary:

The joinDAO function lets a user join a DAO by purchasing a membership NFT at a chosen tier, paid in the DAO's configured ERC20 currency. It discards the boolean returned by the two IERC20.transferFrom calls (the platform fee and the remainder of the tier price). If the currency is a token that reports failure by returning false instead of reverting, a caller with insufficient balance or allowance still receives the membership without paying.

Vulnerability Details:

The function calls IERC20.transferFrom twice, once for platformFees and once for tierPrice - platformFees, and assumes both succeed: neither return value is checked and neither call is wrapped in a safe transfer helper.

Nowhere in joinDAO is it verified that _msgSender() holds, and has approved to the contract, enough of the DAO's currency to cover the tier.

Impact:

A compliant ERC20 that reverts on failure is not affected, because the revert propagates and joinDAO aborts. If the DAO's currency is one of the ERC20 implementations that return false instead of reverting, a user with insufficient funds or allowance passes through both transferFrom calls and the function completes, resulting in:

  • Unpaid Memberships: Users could join a DAO tier without actually paying, impacting the DAO's revenue and allowing unauthorized access.

  • DAO Revenue Discrepancies: Failing to collect the expected payments may affect the DAO's revenue model, especially if revenue is distributed among members.

Tools Used:

Manual Code Review: identified that the return values of both transferFrom calls in joinDAO are unchecked

Recommendations:

The logic can be fixed by checking the outcome of each transfer instead of assuming it. The robust fix is to route both payments through OpenZeppelin's SafeERC20.safeTransferFrom, which reverts when transferFrom returns false or returns no data at all. A balance pre-check on _msgSender() alone does not close the gap (it says nothing about allowance and does not catch a false return), but combined with an allowance check it gives callers a clear error before the token is touched. Note that the two transfers described above (platformFees and tierPrice - platformFees) sum to tierPrice, so the total cost to check against is tierPrice, not tierPrice + platformFees.

uint256 totalCost = tierPrice; // platformFees + (tierPrice - platformFees) debited in total
IERC20 daoCurrency = IERC20(daos[daoMembershipAddress].currency);
uint256 senderBalance = daoCurrency.balanceOf(_msgSender()); // balance of the joining account
require(senderBalance >= totalCost, "joinDAO: insufficient balance"); // enough funds for both transfers
require(daoCurrency.allowance(_msgSender(), address(this)) >= totalCost, "joinDAO: insufficient allowance"); // contract may pull them
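To make the failure mode concrete, here is an added example that is not the One World contract: a minimal contract carrying both the unchecked shape of joinDAO described above and a hardened version using SafeERC20, plus a constructed token that returns false instead of reverting. The storage names (daos, currency, platformFees, tierPrice, daoMembershipAddress) follow the report; the struct layout, the fee recipients, configureDao and the memberTier bookkeeping are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustration only, not the audited code. Field names mirror the report;
/// the layout, recipients and membership bookkeeping are assumptions.
contract JoinDaoExample {
    using SafeERC20 for IERC20;

    struct DaoConfig {
        address currency;       // ERC20 in which memberships are paid
        address platformOwner;  // receives platformFees
        address treasury;       // receives tierPrice - platformFees
        uint256 platformFees;   // assumed flat per-join fee
        uint256[] tierPrices;   // price per tier, indexed by tier
    }

    mapping(address => DaoConfig) internal daos;
    // daoMembershipAddress => member => tier index + 1 (0 means not a member)
    mapping(address => mapping(address => uint256)) public memberTier;

    function configureDao(address daoMembershipAddress, DaoConfig memory cfg) external {
        daos[daoMembershipAddress] = cfg; // no access control: example only
    }

    /// Vulnerable shape from the report: both transferFrom results are discarded,
    /// so a token that returns false leaves the caller with an unpaid membership.
    function joinDAOUnchecked(address daoMembershipAddress, uint256 tierIndex) external {
        DaoConfig storage dao = daos[daoMembershipAddress];
        uint256 tierPrice = dao.tierPrices[tierIndex];
        uint256 platformFees = dao.platformFees;
        IERC20 token = IERC20(dao.currency);

        token.transferFrom(msg.sender, dao.platformOwner, platformFees);
        token.transferFrom(msg.sender, dao.treasury, tierPrice - platformFees);

        memberTier[daoMembershipAddress][msg.sender] = tierIndex + 1; // recorded regardless
    }

    /// Hardened version: safeTransferFrom reverts when transferFrom returns false
    /// or returns no data, so membership is only recorded once the funds moved.
    function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {
        DaoConfig storage dao = daos[daoMembershipAddress];
        uint256 tierPrice = dao.tierPrices[tierIndex];
        uint256 platformFees = dao.platformFees;
        require(platformFees <= tierPrice, "fee exceeds tier price");
        require(memberTier[daoMembershipAddress][msg.sender] == 0, "already a member");
        IERC20 token = IERC20(dao.currency);

        token.safeTransferFrom(msg.sender, dao.platformOwner, platformFees);
        token.safeTransferFrom(msg.sender, dao.treasury, tierPrice - platformFees);

        memberTier[daoMembershipAddress][msg.sender] = tierIndex + 1;
    }
}

/// Constructed ERC20 that returns false instead of reverting on a failed transfer,
/// the behaviour some deployed tokens have. Used to exercise both functions above.
contract FalseReturningToken is IERC20 {
    mapping(address => uint256) private _bal;
    mapping(address => mapping(address => uint256)) private _allow;
    uint256 public totalSupply;

    function mint(address to, uint256 amount) external { _bal[to] += amount; totalSupply += amount; }
    function balanceOf(address a) external view returns (uint256) { return _bal[a]; }
    function allowance(address o, address s) external view returns (uint256) { return _allow[o][s]; }
    function approve(address s, uint256 v) external returns (bool) {
        _allow[msg.sender][s] = v; emit Approval(msg.sender, s, v); return true;
    }
    function transfer(address to, uint256 v) external returns (bool) { return _move(msg.sender, to, v); }

    function transferFrom(address from, address to, uint256 v) external returns (bool) {
        if (_allow[from][msg.sender] < v) return false; // no revert on missing allowance
        if (!_move(from, to, v)) return false;
        _allow[from][msg.sender] -= v;
        return true;
    }

    function _move(address from, address to, uint256 v) internal returns (bool) {
        if (_bal[from] < v) return false;              // no revert on missing balance
        _bal[from] -= v; _bal[to] += v;
        emit Transfer(from, to, v);
        return true;
    }
}
```

Deploy FalseReturningToken, configure a DAO whose currency is that token, and call joinDAOUnchecked from an account with no balance or allowance: memberTier is set although no tokens moved, which is the unpaid-membership outcome above. The same call through joinDAO reverts inside SafeERC20 before the membership is recorded; swapping in a standard reverting ERC20 makes both variants revert, which is why the issue only surfaces with non-reverting tokens.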
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
