Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Missing Minted Count Update in MembershipFactory::upgradeTier()

Summary

The MembershipFactory::upgradeTier() function allows users to upgrade their DAO membership tier within a sponsored DAO. However, while it mints a token in the new tier and burns two tokens from the lower tier, it fails to update the minted count of the upgraded tier. This inconsistency between the actual token count and the minted count stored in daos[daoMembershipAddress].tiers[tierIndex].minted could lead to inaccurate tracking of token supply across tiers.

https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/MembershipFactory.sol#L155

Impact

Due to the missing increment of the minted count in the upgraded tier, the protocol will underestimate the actual number of minted tokens in the target tier. This could result in mismanagement of DAO membership.
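
One way to check for this drift from outside the contract, as an added example that is not part of the original submission or the project's code: tally ERC-1155 TransferSingle mints (transfers from the zero address) per token id and compare them with the stored minted counters. The event records, stored values and function names are constructed for illustration; the example assumes the token id equals the tier index and that minted is a cumulative mint counter.

```python
from collections import Counter

# In ERC-1155, a mint is a TransferSingle whose `from` is the zero address.
ZERO = "0x" + "00" * 20


def mints_per_tier(events):
    """Sum minted amounts per token id (assumed here to be the tier index)."""
    totals = Counter()
    for ev in events:
        if ev["from"].lower() == ZERO:
            totals[ev["id"]] += ev["value"]
    return totals


def minted_drift(events, stored_minted):
    """Return {tier: event-derived mints - stored minted} for tiers that differ."""
    actual = mints_per_tier(events)
    drift = {}
    for tier in sorted(set(actual) | set(stored_minted)):
        delta = actual[tier] - stored_minted.get(tier, 0)
        if delta != 0:
            drift[tier] = delta
    return drift


# Constructed sample: one account joins tier 1 twice, then calls upgradeTier(dao, 1).
ALICE = "0x" + "a1" * 20
EVENTS = [
    {"from": ZERO, "to": ALICE, "id": 1, "value": 1},   # join tier 1
    {"from": ZERO, "to": ALICE, "id": 1, "value": 1},   # join tier 1 again
    {"from": ALICE, "to": ZERO, "id": 1, "value": 2},   # burn inside upgradeTier
    {"from": ZERO, "to": ALICE, "id": 0, "value": 1},   # mint inside upgradeTier
]

# Constructed counter values: tiers[i].minted as it would read without and
# with the recommended increment (assumes joining increments minted).
STORED_WITHOUT_INCREMENT = {0: 0, 1: 2}
STORED_WITH_INCREMENT = {0: 1, 1: 2}

if __name__ == "__main__":
    print("without increment:", minted_drift(EVENTS, STORED_WITHOUT_INCREMENT))
    print("with increment:   ", minted_drift(EVENTS, STORED_WITH_INCREMENT))
```

A positive drift for a tier means the contract's counter is lower than the number of tokens actually minted in that tier, which is the underestimate described above.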

Tools Used

Manual Review

Recommendations

To address this vulnerability, update MembershipFactory::upgradeTier() as follows:

function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
+ daos[daoMembershipAddress].tiers[fromTierIndex - 1].minted += 1; // Increment the minted count for the new tier
emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}
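
Review bot: The added line indexes tiers[fromTierIndex - 1], yet nothing in the function requires fromTierIndex > 0; the only bound is `noOfTiers >= fromTierIndex + 1`, which limits the index from above even though its message reads "No higher tier available." Consider an explicit `require(fromTierIndex > 0, ...)` ahead of the burn so the lower bound is stated rather than left to the subtraction. The increment is also unconditional and one-sided: two tokens are burned from fromTierIndex while that tier's minted value is left as is, so the inline comment should say whether minted is a cumulative counter or is meant to track live supply, and any per-tier limit that is compared against minted should be checked here before the mint.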
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
