Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: high
Invalid

A malicious user can take advantage of the protocol because the UpgradeTier function does not take into consideration the difference in prices between tiers

Summary

A user can upgrade their tier to a higher tier, but this is done by just burning the previous token and minting another, without taking into consideration that different tiers could cost different amounts.

Vulnerability Details

  • A creator creates a DAO with tier 0 costing 1 ether, tier 1 costing 0.5 ether and tier 2 costing 0.25 ether.

  • An attacker joins tier 2 of the DAO, which costs 0.25 ether.

  • The attacker decides to upgrade to a tier that costs 1 ether, but because this is an upgrade, the function only burns their tier 2 tokens and mints tier 0 for them.

Impact

Loss of funds to the DAO

Tools Used

Manual Code Review

Recommendations

Fix the upgrade function to consider the price of each tier.
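
The recommendation, sketched as an added example that is not the audited project's code: a simplified model with the scenario's three prices, showing the burn-and-mint upgrade described above beside a version that charges the price difference. The contract and function names, and the rule that the holder is credited with the current listed price of the tier being burned, are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified, hypothetical model: every name here is an assumption made for
// illustration, not the audited project's contract or API.
contract TieredMembership {
    // Tier prices from the report's scenario: tier 0, tier 1, tier 2.
    uint256[3] public price = [uint256(1 ether), 0.5 ether, 0.25 ether];
    // holder => tier => number of membership tokens
    mapping(address => mapping(uint256 => uint256)) public balanceOf;

    function join(uint256 tier) external payable {
        require(tier < price.length, "bad tier");
        require(msg.value == price[tier], "wrong payment");
        balanceOf[msg.sender][tier] += 1;
    }

    // Behaviour the report describes: burn and mint with no payment check,
    // so a 0.25 ether tier 2 holder ends up holding the 1 ether tier 0.
    function upgradeUnpriced(uint256 fromTier, uint256 toTier) external {
        _swap(fromTier, toTier);
    }

    // Recommended behaviour: the caller pays the gap between the two prices.
    // Assumes the holder paid the currently listed price of fromTier.
    function upgradePriced(uint256 fromTier, uint256 toTier) external payable {
        require(fromTier < price.length && toTier < price.length, "bad tier");
        uint256 paid = price[fromTier];
        uint256 cost = price[toTier];
        uint256 due = cost > paid ? cost - paid : 0;
        require(msg.value == due, "must pay price difference");
        _swap(fromTier, toTier);
    }

    function _swap(uint256 fromTier, uint256 toTier) private {
        require(fromTier < price.length && toTier < price.length, "bad tier");
        require(fromTier != toTier, "same tier");
        require(balanceOf[msg.sender][fromTier] > 0, "no token to burn");
        balanceOf[msg.sender][fromTier] -= 1; // burn
        balanceOf[msg.sender][toTier] += 1;   // mint
    }
}
```

With the scenario's prices, `upgradePriced(2, 0)` reverts unless the call carries 0.75 ether, the difference between the 0.25 ether paid for tier 2 and the 1 ether price of tier 0.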

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
