Project

One World

NFTDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Logical error in the validation of tier Index

aycozynfada

Summary

The joinDAO function in the provided Solidity code contains a logical error in the validation of the tierIndex. The current logic incorrectly checks if the tierIndex is valid, which could lead to potential issues in the contract’s functionality.
https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/MembershipFactory.sol#L140-150

Vulnerability Details

The vulnerability lies in the following line of code:

require(daos[daoMembershipAddress].noOfTiers > tierIndex, "Invalid tier.");

This line checks if the tierIndex is less than the total number of tiers (noOfTiers). However, this logic is flawed because it does not account for the possibility of tierIndex being equal to the highest unit of tier index, which in such a scenario would be equal

Impact

This could result in users being able to join existent tiers, causing inconsistencies in the DAO membership data and Dos for incoming users

Tools Used

manual review

Recommendations

To fix the issue, the validation logic should be updated to ensure that tierIndex is within the valid range of existing tiers. The correct equality sign should be greater than or equals to

function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {

-- require(daos[daoMembershipAddress].noOfTiers > tierIndex, "Invalid tier.");

++ require(daos[daoMembershipAddress].noOfTiers >== tierIndex, "Invalid tier.");

require(daos[daoMembershipAddress].tiers[tierIndex].amount > daos[daoMembershipAddress].tiers[tierIndex].minted, "Tier full.");

uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;

uint256 platformFees = (20 * tierPrice) / 100;

daos[daoMembershipAddress].tiers[tierIndex].minted += 1;

IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), owpWallet, platformFees);

IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), daoMembershipAddress, tierPrice - platformFees);

IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), tierIndex, 1);

emit UserJoinedDAO(_msgSender(), daoMembershipAddress, tierIndex);

}

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

0xbrivan2 Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

541

28 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.