Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: low
Invalid

A single user can create a lot of unused DAOs

Summary

The MembershipFactory::createNewDAOMembership function allows a single user to create numerous unnecessary DAOs without restrictions.

Vulnerability Details

A single user can create a large number of unused DAOs, as there is no limit on the number of DAOs that can be generated by an individual user.

Impact

The protocol risks becoming filled with numerous unused DAOs created by multiple users, potentially increasing management complexity.

POC

Use the following script with Foundry, or write an equivalent in JavaScript:

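function create() internal {
    vm.startBroadcast();
    // One tier configuration shared by every DAO created below.
    tierConfig.push(TierConfig(100, 3, 3, 0));
    // Create 10,000 DAOs from the same broadcasting account.
    for (uint i = 0; i < 10000; i++) {
        DAOInputConfig memory daoInputConfig = DAOInputConfig(
            // vm.toString renders i in decimal; packing the raw uint
            // would append 32 bytes rather than readable digits.
            string(abi.encodePacked("testdao", vm.toString(i), ".eth")),
            DAOType.PUBLIC,
            owpERC20,
            100,
            1
        );
        MembershipFactory(membershipFactory).createNewDAOMembership(
            daoInputConfig,
            tierConfig
        );
    }
    vm.stopBroadcast();
}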

Tools Used

Foundry

Recommendations

Consider adding a limit on the number of DAOs each user can create, or introduce a time interval between new DAO creations by a single user.
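
One way to implement both options from the recommendation, as an added example that is not One World's code: a mixin that enforces a per-address cap and a cooldown. All names (`DAOCreationLimiter`, `limitCreation`, `LimitedFactoryExample`) and the values 10 and 1 hour are assumptions, and the stand-in factory omits the real function's arguments.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical mixin (added illustration, not project code).
abstract contract DAOCreationLimiter {
    error CreatorCapReached(address creator, uint256 cap);
    error CooldownActive(address creator, uint256 availableAt);

    uint256 public immutable maxDaosPerCreator; // lifetime cap per address
    uint256 public immutable creationCooldown;  // seconds between creations

    mapping(address => uint256) public daosCreated;
    mapping(address => uint256) public lastCreatedAt;

    constructor(uint256 cap, uint256 cooldown) {
        maxDaosPerCreator = cap;
        creationCooldown = cooldown;
    }

    /// Attach to the function that creates a DAO.
    modifier limitCreation() {
        address creator = msg.sender;
        if (daosCreated[creator] >= maxDaosPerCreator) {
            revert CreatorCapReached(creator, maxDaosPerCreator);
        }
        uint256 last = lastCreatedAt[creator];
        // last == 0 means this address has never created a DAO.
        if (last != 0 && block.timestamp < last + creationCooldown) {
            revert CooldownActive(creator, last + creationCooldown);
        }
        // Record the creation before the function body runs.
        daosCreated[creator] += 1;
        lastCreatedAt[creator] = block.timestamp;
        _;
    }
}

/// Constructed stand-in for the factory: the real function takes
/// DAOInputConfig and TierConfig[] arguments, omitted here.
contract LimitedFactoryExample is DAOCreationLimiter(10, 1 hours) {
    uint256 public daoCount;

    function createNewDAOMembership() external limitCreation returns (uint256 id) {
        id = ++daoCount;
    }
}
```

Both checks key on `msg.sender`, so they bound what a single address can create, not what one operator holding several addresses can create.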

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity