Project: One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Fee Calculation Rounds Down, Favoring the User

Summary

When a user wants to join the DAO, the protocol charges a 20% fee on the NFT price. Since the protocol supports high-value tokens, even a small rounding loss of 1 unit can lead to a significant financial loss.

Vulnerability Details

When a user wants to join the DAO, the protocol charges a 20% fee on the NFT price. Given that the protocol supports high-value tokens like WBTC and WETH, the rounding down will result in a loss of 1 WEI. For example, 1 WEI or 1 unit of WBTC equals approximately $0.08. This small loss will accumulate with each token minted.

dao/MembershipFactory.sol:140
140: function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {
141: require(daos[daoMembershipAddress].noOfTiers > tierIndex, "Invalid tier.");
142: require(daos[daoMembershipAddress].tiers[tierIndex].amount > daos[daoMembershipAddress].tiers[tierIndex].minted, "Tier full.");
143: uint256 tierPrice = daos[daoMembershipAddress].tiers[tierIndex].price;
144:--> uint256 platformFees = (20 * tierPrice) / 100;
145: daos[daoMembershipAddress].tiers[tierIndex].minted += 1;
146: IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), owpWallet, platformFees);
147: IERC20(daos[daoMembershipAddress].currency).transferFrom(_msgSender(), daoMembershipAddress, tierPrice - platformFees);

Impact

Loss of assets for the protocol.

Tools Used

Manual review

Recommendations

Round up in favour of the protocol.
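
Added example (not part of the submission or the One World code base): a Python model of the integer arithmetic on line 144, with truncating `//` standing in for Solidity's uint256 division. It compares the floor split used in joinDAO with a round-up variant and shows where each base unit goes; the tier prices and the names split_floor, split_ceil and compare are constructed for illustration.

```python
# Added example: models Solidity uint256 arithmetic with Python integers.
FEE_PERCENT = 20  # from joinDAO: (20 * tierPrice) / 100


def split_floor(tier_price):
    """Split used on line 144: integer division truncates toward zero."""
    fee = (FEE_PERCENT * tier_price) // 100
    return fee, tier_price - fee  # (to owpWallet, to the DAO)


def split_ceil(tier_price):
    """Round-up variant of the same fee (hypothetical, per the recommendation)."""
    fee = (FEE_PERCENT * tier_price + 99) // 100
    return fee, tier_price - fee


def compare(tier_price, mints=1):
    """Per-mint and cumulative difference between the two roundings."""
    floor_fee, floor_dao = split_floor(tier_price)
    ceil_fee, ceil_dao = split_ceil(tier_price)
    # The payer's total is the sum of the two transferFrom amounts.
    assert floor_fee + floor_dao == tier_price
    assert ceil_fee + ceil_dao == tier_price
    delta = ceil_fee - floor_fee  # base units per mint, always 0 or 1
    return {
        "price": tier_price,
        "floor_fee": floor_fee,
        "ceil_fee": ceil_fee,
        "payer_total": floor_fee + floor_dao,
        "delta_per_mint": delta,
        "delta_total": delta * mints,
    }


# Constructed tier prices in token base units (not taken from the contest).
SAMPLE_PRICES = [
    100_000_000,                # 1 token at 8 decimals, divisible by 5
    100_000_003,                # not divisible by 5, so the fee truncates
    1_000_000_000_000_000_000,  # 1 token at 18 decimals
    7,                          # tiny price
]

if __name__ == "__main__":
    for p in SAMPLE_PRICES:
        print(compare(p, mints=1_000))
```

Because the second transfer sends tierPrice - platformFees, the payer's total is tierPrice under either rounding; the two variants differ by at most one base unit per mint, moved between owpWallet and the DAO, and only when tierPrice is not a multiple of 5.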

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
