Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Lack of maxMembers Validation in MembershipFactory::createNewDAOMembership() function

Summary

The createNewDAOMembership() function does not validate that maxMembers is greater than zero. This allows the creation of DAOs with maxMembers set to zero, which can prevent any users from joining the DAO and create administrative challenges, as the DAO cannot be easily managed or deleted.

Vulnerability Details

In the createNewDAOMembership function, the following line checks that the sum of tier amounts does not exceed maxMembers:

require(totalMembers <= daoConfig.maxMembers, "Sum of tier amounts exceeds maxMembers.");

However, there is no check to ensure that daoConfig.maxMembers is greater than zero. This omission allows a user to create a DAO with maxMembers set to zero, effectively locking the DAO and preventing any memberships from being issued.

Impact

  • A DAO with maxMembers set to zero cannot have any members, effectively locking the DAO and rendering it unusable.

  • The DAO cannot be easily managed or deleted, potentially leading to clutter.

Tools Used

Manual review

Recommendations

Ensure that maxMembers is greater than zero when creating a new DAO.

+ require(daoConfig.maxMembers > 0, "maxMembers must be greater than zero.");
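
Review bot: the suggested require on daoConfig.maxMembers is a single added line with no surrounding context, so it does not say where in createNewDAOMembership() it belongs. Place it directly before the existing require(totalMembers <= daoConfig.maxMembers, "Sum of tier amounts exceeds maxMembers.") check so that a zero cap is rejected before the tier sum is compared against it. With maxMembers equal to zero that existing check can only pass when totalMembers is also zero, so the recommendation should also state whether maxMembers or the tier amounts can be changed after creation, since that decides whether such a DAO stays unusable.
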
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

aresaudits Submitter 9 months ago
0xbrivan2 Lead Judge 9 months ago
0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
