Project: One World (NFTDeFi, 15,000 USDC)

Submission Details
Severity: high
Status: Invalid

The "updateDAOMembership::MembershipFactory" function could leave members holding tokens for non-existent tiers.

Description

  1. Members of deleted tiers are left with tokens that no longer correspond to valid tiers

  2. Tier amounts can be set lower than currently minted amounts, creating an invalid state

  3. No validation for existing token holders when removing tiers

  4. Could create situations where members hold tokens for non-existent tiers

Proof Of Concept

Attack Scenario:

  1. DAO admin updates tiers reducing tier count from 4 to 2

  2. Members holding tokens for tiers 3 and 4 are now stranded

  3. Their tokens become worthless but still exist on-chain

  4. No compensation mechanism exists

// Existing update path: every current tier is dropped and replaced by the new
// configs, with no check on how many tokens were already minted per tier.
delete dao.tiers;
for (uint256 i = 0; i < tierConfigs.length; i++) {
    dao.tiers.push(tierConfigs[i]);
    maxMembers += tierConfigs[i].amount;
}

Impact

  1. Stranded tokens for deleted tiers

  2. Broken token economics

  3. Invalid DAO state

  4. Member privileges could be revoked without compensation

  5. Potential for griefing attacks

Recommendation

function updateDAOMembership(string calldata ensName, TierConfig[] memory tierConfigs)
    external onlyRole(EXTERNAL_CALLER) returns (address) {
    // ... existing checks (these resolve `dao` and `maxMembers` as in the original function) ...
    // Validate new tier configs against existing minted amounts
    for (uint256 i = 0; i < tierConfigs.length; i++) {
        if (i < dao.tiers.length) {
            require(tierConfigs[i].amount >= dao.tiers[i].minted,
                "New tier amount cannot be less than minted amount");
            // Carry the minted counter over so the new config cannot reset it
            tierConfigs[i].minted = dao.tiers[i].minted;
        }
    }
    // Ensure no tokens exist for tiers being removed
    for (uint256 i = tierConfigs.length; i < dao.tiers.length; i++) {
        require(dao.tiers[i].minted == 0,
            "Cannot remove tier with existing members");
    }
    // Update tiers
    delete dao.tiers;
    for (uint256 i = 0; i < tierConfigs.length; i++) {
        dao.tiers.push(tierConfigs[i]);
        maxMembers += tierConfigs[i].amount;
    }
    // ... rest of the function
}
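To make the failure mode concrete, here is an added Python model (not code from the One World contracts) of the tier update: the unchecked version mirrors the delete-and-push loop from the proof of concept and reports which constructed sample members are left holding tokens for tiers that no longer exist, while the checked version applies the recommended validation and refuses the same 4-to-2 reduction. `Tier`, `stranded_holders`, `rejects` and the sample holdings are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass
class Tier:
    amount: int  # maximum tokens mintable for this tier (TierConfig.amount)
    minted: int  # tokens already minted for this tier

class TierStateError(Exception):
    """Raised when a tier update would strand holders or shrink below minted."""

def update_tiers_unchecked(tiers, configs):
    # Mirrors the reported path: `delete dao.tiers`, then push each config as given,
    # so removed tiers disappear and minted counters are overwritten by the configs.
    return [Tier(c.amount, c.minted) for c in configs]

def update_tiers_checked(tiers, configs):
    # Mirrors the recommended validation, run before the tiers are replaced.
    for i, cfg in enumerate(configs):
        if i < len(tiers) and cfg.amount < tiers[i].minted:
            raise TierStateError(f"tier {i}: amount {cfg.amount} < minted {tiers[i].minted}")
    for i in range(len(configs), len(tiers)):
        if tiers[i].minted != 0:
            raise TierStateError(f"tier {i}: {tiers[i].minted} tokens minted, cannot remove")
    # Carry minted counters over so a config cannot reset them to zero.
    return [Tier(cfg.amount, tiers[i].minted if i < len(tiers) else 0)
            for i, cfg in enumerate(configs)]

def rejects(tiers, configs):
    # True when the checked update refuses the configs.
    try:
        update_tiers_checked(tiers, configs)
    except TierStateError:
        return True
    return False

def stranded_holders(holdings, tiers):
    # Members whose tier index no longer exists after an update.
    return sorted(m for m, t in holdings.items() if t >= len(tiers))

# Constructed sample state: four tiers, six members holding one tier token each.
SAMPLE_TIERS = [Tier(10, 2), Tier(10, 1), Tier(5, 2), Tier(5, 1)]
SAMPLE_HOLDINGS = {"alice": 0, "bob": 0, "carol": 1, "dave": 2, "erin": 2, "frank": 3}
SHRINK_TO_TWO = [Tier(10, 0), Tier(10, 0)]  # the 4 -> 2 reduction from the PoC

def demo():
    # Unchecked: tiers 2 and 3 vanish while dave, erin and frank still hold them.
    after = update_tiers_unchecked(SAMPLE_TIERS, SHRINK_TO_TWO)
    return stranded_holders(SAMPLE_HOLDINGS, after), rejects(SAMPLE_TIERS, SHRINK_TO_TWO)
```

`demo()` returns the stranded member list for the unchecked path together with `True`, showing the checked path rejects the same change.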
Updates

Lead Judging Commences

0xbrivan2 (Lead Judge), 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
