Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Lack of Support for Multi-Tier Upgrade Based on Token Holdings

Summary

In the current implementation, a user who holds multiple tokens in a lower tier cannot perform a multi-tier upgrade in a single transaction, even if they have enough tokens to qualify for a higher tier. Specifically, users must upgrade one tier at a time, and the contract does not utilize the full balance in cases where users possess more than 2 tokens in a lower tier. This limitation hinders a streamlined upgrade experience for users who have accumulated multiple tokens and wish to jump directly to a higher tier.

Vulnerability Details

The upgradeTier function only burns 2 tokens per upgrade and moves the user up by a single tier.

function upgradeTier(address daoMembershipAddress, uint256 fromTierIndex) external {
    require(daos[daoMembershipAddress].daoType == DAOType.SPONSORED, "Upgrade not allowed.");
    require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");
    IMembershipERC1155(daoMembershipAddress).burn(_msgSender(), fromTierIndex, 2);
    IMembershipERC1155(daoMembershipAddress).mint(_msgSender(), fromTierIndex - 1, 1);
    emit UserJoinedDAO(_msgSender(), daoMembershipAddress, fromTierIndex - 1);
}

When a user holds a token balance greater than 2 at a lower tier, the function does not account for the additional tokens that could enable multiple upgrades within one transaction. Consequently, a user with sufficient tokens to skip multiple tiers must still execute separate upgrade calls, resulting in higher transaction costs and unnecessary complexity.

Impact

Users with multiple tokens in a tier must perform repeated upgrades to reach the desired higher tier, resulting in higher transaction costs and added complexity.
The inability to upgrade multiple tiers in one go can lead to a poor user experience, as users may find the process cumbersome and inefficient.

Tools Used

Manual Review

Recommendation

To support multi-tier upgrades, modify the upgradeTier function to calculate the number of potential upgrades based on the user’s token balance in the current tier. Allow the function to burn the appropriate amount of tokens to facilitate multiple upgrades within a single transaction.
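
One way the recommendation could look, as an added sketch that is not code from the One World repository or from the submission. The function name `upgradeTiers`, its `steps` parameter, the reduced `DAOConfig` struct, the `OTHER` enum member, the event parameter names and the `balanceOf` member of the interface are assumptions; `msg.sender` stands in for the project's `_msgSender()`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed minimal interface: burn/mint as called in the excerpt above, plus the
// standard ERC-1155 balanceOf view.
interface IMembershipERC1155 {
    function balanceOf(address account, uint256 id) external view returns (uint256);
    function burn(address from, uint256 tokenId, uint256 amount) external;
    function mint(address to, uint256 tokenId, uint256 amount) external;
}

contract MultiTierUpgradeSketch {
    enum DAOType { OTHER, SPONSORED } // OTHER is a placeholder; only SPONSORED appears on the page
    struct DAOConfig { DAOType daoType; uint256 noOfTiers; } // reduced to the fields the excerpt reads
    mapping(address => DAOConfig) public daos; // left unpopulated in this sketch

    event UserJoinedDAO(address user, address daoMembershipAddress, uint256 tierIndex);

    // Hypothetical function: climbs `steps` tiers in one call. A lower index is a
    // higher tier and each step costs 2 tokens, so `steps` steps cost 2**steps,
    // the same total as `steps` chained single-tier upgrades ending in one token.
    function upgradeTiers(address daoMembershipAddress, uint256 fromTierIndex, uint256 steps) external {
        DAOConfig storage dao = daos[daoMembershipAddress];
        require(dao.daoType == DAOType.SPONSORED, "Upgrade not allowed.");
        require(fromTierIndex < dao.noOfTiers, "Invalid tier.");
        // steps <= fromTierIndex keeps fromTierIndex - steps from underflowing,
        // which the single-step version only catches through a checked-math revert.
        require(steps > 0 && steps <= fromTierIndex, "No higher tier available.");

        // Checked exponentiation: reverts on overflow instead of wrapping to a
        // zero cost, which a bare shift (1 << steps) would allow for steps >= 256.
        uint256 cost = 2 ** steps;
        IMembershipERC1155 membership = IMembershipERC1155(daoMembershipAddress);
        require(membership.balanceOf(msg.sender, fromTierIndex) >= cost, "Insufficient tokens.");

        uint256 toTierIndex = fromTierIndex - steps;
        membership.burn(msg.sender, fromTierIndex, cost);
        membership.mint(msg.sender, toTierIndex, 1);
        // Only the final tier is reported; intermediate tiers are never minted.
        emit UserJoinedDAO(msg.sender, daoMembershipAddress, toTierIndex);
    }
}
```

Taking `steps` from the caller rather than consuming the whole balance leaves any remaining lower-tier tokens untouched and keeps the burn amount predictable.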

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
