Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

An attacker can weaponize the missing `tiers.minted` update in the `MembershipFactory` contract to make tiers unusable

Vulnerability Details

contracts/dao/MembershipFactory.sol#L137-L150

```solidity
/// @notice Allows a user to join a DAO by purchasing a membership NFT at a specific tier
/// @param daoMembershipAddress The address of the DAO membership NFT
/// @param tierIndex The index of the tier to join
function joinDAO(address daoMembershipAddress, uint256 tierIndex) external {
    // ...
    // Capacity check: reverts once `minted` has reached the tier's `amount`.
    require(daos[daoMembershipAddress].tiers[tierIndex].amount > daos[daoMembershipAddress].tiers[tierIndex].minted, "Tier full.");
    // ...
}
```

The Cyfrin report states under 7.3.4 that:

The tiers.minted member should be decremented for the original tier and incremented for the upgraded tier, validating that tier.amount is not exceeded.

However, it doesn't elaborate on the worst possible impact.

  • An attacker can weaponize this to make tiers unusable by minting a tier to its full amount of tokens, then upgrading all of them.

  • Even if the tier is empty now, it will still be unusable by the DAO because of the check in `joinDAO` shown earlier:

```solidity
require(daos[daoMembershipAddress].tiers[tierIndex].amount > daos[daoMembershipAddress].tiers[tierIndex].minted, "Tier full.");
```

Impact

This vulnerability can lead to specific tiers being unusable, preventing legitimate users from joining the DAO or upgrading their tokens to those tiers.

Tools Used

Manual review.

Recommendations

We recommend updating `tiers.minted` as advised by Cyfrin's report.
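A simplified model of the accounting described in this finding, added here as an illustration and not taken from the One World code base. The contract name, `join`, and both `upgrade...` functions are hypothetical; it assumes joining increments `minted` and that an upgrade moves one token from one tier to another.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model (assumption): not the One World contracts. Tokens are
/// tracked as per-tier balances and an upgrade moves one token between tiers.
contract TierAccountingModel {
    struct Tier { uint256 amount; uint256 minted; }

    Tier[] public tiers;
    mapping(address => mapping(uint256 => uint256)) public balanceOf;

    constructor(uint256[] memory amounts) {
        for (uint256 i = 0; i < amounts.length; i++) {
            tiers.push(Tier({amount: amounts[i], minted: 0}));
        }
    }

    /// Same capacity check as joinDAO on the page.
    function join(uint256 tierIndex) external {
        Tier storage t = tiers[tierIndex];
        require(t.amount > t.minted, "Tier full.");
        t.minted += 1;
        balanceOf[msg.sender][tierIndex] += 1;
    }

    /// Behaviour the finding describes: balances move, counters do not.
    /// After every holder upgrades out of `from`, join(from) still reverts.
    function upgradeWithoutAccounting(uint256 from, uint256 to) external {
        require(balanceOf[msg.sender][from] > 0, "No token in tier.");
        balanceOf[msg.sender][from] -= 1;
        balanceOf[msg.sender][to] += 1;
    }

    /// Accounting per the quoted recommendation: decrement the original
    /// tier, increment the target tier, and enforce the target's cap.
    function upgradeWithAccounting(uint256 from, uint256 to) external {
        require(from != to, "Same tier.");
        require(balanceOf[msg.sender][from] > 0, "No token in tier.");
        Tier storage src = tiers[from];
        Tier storage dst = tiers[to];
        require(dst.amount > dst.minted, "Tier full.");
        balanceOf[msg.sender][from] -= 1;
        src.minted -= 1;
        balanceOf[msg.sender][to] += 1;
        dst.minted += 1;
    }
}
```

With `upgradeWithAccounting`, a tier whose holders have all upgraded out has `minted == 0` again, so `join` accepts new members up to `amount`.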

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
