Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Loss to early users who joined DAO early.

Summary

  • Users who joined the DAO early would suffer a loss indirectly.

Vulnerability Details

  • Let's suppose a DAO has been created.

  • UserA joins the DAO through joinDAO() when no sendProfit() has been called inside the Membership1155 contract of that DAO.

  • Now other users (UserB, UserC) also join the DAO when no sendProfit() has been called.

  • Let's say after 10 days sendProfit() is called and UserD joins after sendProfit().

  • Now, until another sendProfit() is called, all users would be able to claim the same amount of prize token according to their proportion.

  • This is a clear loss to UserA, UserB and UserC: even though they joined the DAO earlier, they are able to claim the same amount as UserD.

  • There is no motivation to join the DAO early, and because of this bug every user would join the DAO after sendProfit() has been called.

  • This also has implications, because if there are no users when sendProfit() is called then all profit goes to the creator of the DAO, so each user would wait for another user to join the DAO and for sendProfit() to be called.

    function sendProfit(uint256 amount) external {
        uint256 _totalSupply = totalSupply;
        if (_totalSupply > 0) {
            totalProfit += (amount * ACCURACY) / _totalSupply;
            IERC20(currency).safeTransferFrom(msg.sender, address(this), amount);
            emit Profit(amount);
        } else {
            IERC20(currency).safeTransferFrom(msg.sender, creator, amount); // Redirect profit to creator if no supply
        }
    }

Impact

  • Loss to users who joined the DAO early, as they will receive the same profit tokens as a user who joined the DAO after sendProfit() has been called.

Tools Used

Manual Review

Recommendations

  • Change the logic so that an early user gets more tokens than a user who joined after sendProfit() is called.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
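
Added example (not code from the submission or from the project): a Python model of the sendProfit() accumulator quoted in the submission, using integer arithmetic as Solidity would. The ACCURACY value and the whole claim side (per-account checkpoint, saved balance, claimable) are assumptions, since the page shows neither; the amounts and timeline are constructed.

```python
ACCURACY = 10**30  # assumed scale factor; the page does not give the constant's value

class ProfitPool:
    """sendProfit() accumulator from the page, plus an ASSUMED claim side."""

    def __init__(self):
        self.total_supply = 0
        self.total_profit = 0   # cumulative profit per share, scaled by ACCURACY
        self.to_creator = 0     # amounts redirected when there is no supply
        self.shares = {}
        self.checkpoint = {}    # assumed: total_profit at the user's last balance change
        self.saved = {}         # assumed: profit accrued before that change

    def _pending(self, user):
        delta = self.total_profit - self.checkpoint.get(user, 0)
        return self.shares.get(user, 0) * delta // ACCURACY

    def join(self, user, amount=1):
        # Settle at the old balance first, so new shares earn nothing retroactively.
        self.saved[user] = self.saved.get(user, 0) + self._pending(user)
        self.checkpoint[user] = self.total_profit
        self.shares[user] = self.shares.get(user, 0) + amount
        self.total_supply += amount

    def send_profit(self, amount):
        if self.total_supply > 0:
            self.total_profit += (amount * ACCURACY) // self.total_supply
        else:
            self.to_creator += amount  # mirrors the redirect-to-creator branch

    def claimable(self, user):
        return self.saved.get(user, 0) + self._pending(user)

def scenario():
    """Constructed timeline: A, B, C join; profit is sent; D joins; profit is sent again."""
    users = ("UserA", "UserB", "UserC", "UserD")
    pool = ProfitPool()
    pool.send_profit(500)                 # no members yet: goes to the creator
    for u in users[:3]:
        pool.join(u)
    pool.send_profit(900)                 # split across the 3 shares held right now
    pool.join("UserD")
    first = {u: pool.claimable(u) for u in users}
    pool.send_profit(400)                 # split across 4 shares
    second = {u: pool.claimable(u) for u in users}
    return pool.to_creator, first, second

if __name__ == "__main__":
    print(scenario())
```

In this model the per-share increment depends only on the supply at the moment sendProfit() runs, so the order in which UserA, UserB and UserC joined has no effect on their amounts.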