Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

An attacker can take all profit when calling `MembershipERC1155::sendProfit` and total supply is 0

x18a6

Vulnerability Details

Steps of the Attack:

  • Frontrun:

The attacker monitors the blockchain for a transaction that calls the sendProfit function and totalSupply is 0.
Then frontrun it by buying say the lowest tier token, ensuring that totalSupply is now greater than zero.

  • Profit Distribution:

The sendProfit function is executed, and since totalSupply is now greater than zero, the profit is distributed among token holders, which are the attacker only in this case.

  • Backrun:

Immediately after the profit distribution, the attacker backruns sendProfit with claimProfit function, effectively claiming all the profit.

contracts/dao/tokens/MembershipERC1155.sol#L198

/// @notice Distributes profits to token holders
/// @param amount The amount of currency to distribute
function sendProfit(uint256 amount) external {
uint256 _totalSupply = totalSupply;
if (_totalSupply > 0) {
// Distribute profit among token holders
} else {
//@audit frontrun by buying lowest tier
IERC20(currency).safeTransferFrom(msg.sender, creator, amount); // Redirect profit to creator if no supply
//@audit backrun by claimProfit
}
}

Impact

Attacker can take all profit when calling MembershipERC1155::sendProfit and total supply is 0.

Tools Used

Recommendations

One way to fix this is to add a minimum holding period before being able to sell.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.