Project: One World (NFTDeFi), 15,000 USDC
Submission Details
Severity: low
Status: Invalid

L-[01] Invalid tier config could cause too much gas usage

Summary

Users can create a new DAO membership using `MembershipFactory::createNewDAOMembership`. This function validates its input and creates a new transparent upgradeable proxy which ties itself to the `MembershipERC1155` contract. The function first deploys the upgradeable proxy and only then checks whether the tier config provided by the user is valid. When a user submits invalid tier config data to create a new DAO, the call reverts after the deployment has already been paid for, which leads to significant gas wastage.

Vulnerability analysis

```solidity
// Excerpt from MembershipFactory::createNewDAOMembership as submitted
TransparentUpgradeableProxy proxy = new TransparentUpgradeableProxy(
    membershipImplementation,
    address(proxyAdmin),
    abi.encodeWithSignature("initialize(string,string,string,address,address)", daoConfig.ensname, "OWP", baseURI, _msgSender(), daoConfig.currency)
);
DAOConfig storage dao = daos[address(proxy)];
dao.ensname = daoConfig.ensname;
dao.daoType = daoConfig.daoType;
dao.currency = daoConfig.currency;
dao.maxMembers = daoConfig.maxMembers;
dao.noOfTiers = daoConfig.noOfTiers;
for (uint256 i = 0; i < tierConfigs.length; i++) {
    // Validation happens here, after the proxy has already been deployed
    require(tierConfigs[i].minted == 0, "Invalid tier config");
    dao.tiers.push(tierConfigs[i]);
}
```

The issue is the `require` inside the loop at the end of the snippet above (line 14 in the submission's numbering). The tier config data is only looped through to check that `minted` is zero after the proxy has already been deployed. This condition should be checked before deploying the proxy contract; after deployment, the tier config data should be pushed into the state variable. As the `tierConfigs` length can't be greater than 7, running one loop before deploying and another after deploying shouldn't cost much.
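A stand-alone illustration of the ordering problem, written for this page rather than taken from the One World repository: `TierFactory` reproduces both orderings with a tiny `MiniDAO` standing in for the proxy deployment, and `GasProbe` calls each path with an invalid config and returns how much gas each burned before reverting. All contract, struct and function names here are assumptions, not the project's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example, not the One World code. TierConfig, MiniDAO, TierFactory
// and GasProbe are stand-ins that reproduce the ordering the finding describes.
struct TierConfig { uint256 price; uint256 minted; }
// Stand-in for the proxy + MembershipERC1155 deployment done per DAO.
contract MiniDAO {
    address public owner;
    constructor(address _owner) { owner = _owner; }
}
contract TierFactory {
    mapping(address => TierConfig[]) public tiers;
    // Original ordering: the expensive CREATE runs before the input is validated.
    function createUnchecked(TierConfig[] memory cfgs) external returns (address) {
        MiniDAO dao = new MiniDAO(msg.sender);
        TierConfig[] storage t = tiers[address(dao)];
        for (uint256 i = 0; i < cfgs.length; i++) {
            require(cfgs[i].minted == 0, "Invalid tier config");
            t.push(cfgs[i]);
        }
        return address(dao);
    }
    // Recommended ordering: cheap checks first, deployment only on valid input.
    function createChecked(TierConfig[] memory cfgs) external returns (address) {
        for (uint256 i = 0; i < cfgs.length; i++) {
            require(cfgs[i].minted == 0, "Invalid tier config");
        }
        MiniDAO dao = new MiniDAO(msg.sender);
        TierConfig[] storage t = tiers[address(dao)];
        for (uint256 i = 0; i < cfgs.length; i++) t.push(cfgs[i]);
        return address(dao);
    }
}
// Calls both paths with an invalid config and returns the gas each burns before reverting.
// Gas spent inside a reverted call is not refunded, so the difference is the wasted deployment.
contract GasProbe {
    function wastedGas(TierFactory f, TierConfig[] memory bad)
        external returns (uint256 gasUnchecked, uint256 gasChecked)
    {
        uint256 g = gasleft();
        try f.createUnchecked(bad) {} catch {}
        gasUnchecked = g - gasleft();
        g = gasleft();
        try f.createChecked(bad) {} catch {}
        gasChecked = g - gasleft();
    }
}
```

Deploy `TierFactory` and `GasProbe`, then call `wastedGas` with a config whose `minted` is non-zero; `gasUnchecked` exceeds `gasChecked` by roughly the cost of the `MiniDAO` creation, which is the waste the finding describes.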

Impact

The user spends more gas than necessary on a call that reverts anyway. Impact is low.

Tools used

Manual analysis

Recommendations

Validate the tier config data before creating the new contract. Then, after deploying the proxy, run a second loop to push the tier config data into the state variable.

+for (uint256 i = 0; i < tierConfigs.length; i++) {
+ require(tierConfigs[i].minted == 0, "Invalid tier config");
+}
TransparentUpgradeableProxy proxy = new TransparentUpgradeableProxy(
membershipImplementation,
address(proxyAdmin),
abi.encodeWithSignature("initialize(string,string,string,address,address)", daoConfig.ensname, "OWP", baseURI, _msgSender(), daoConfig.currency)
);
DAOConfig storage dao = daos[address(proxy)];
dao.ensname = daoConfig.ensname;
dao.daoType = daoConfig.daoType;
dao.currency = daoConfig.currency;
dao.maxMembers = daoConfig.maxMembers;
dao.noOfTiers = daoConfig.noOfTiers;
for (uint256 i = 0; i < tierConfigs.length; i++) {
- require(tierConfigs[i].minted == 0, "Invalid tier config");
dao.tiers.push(tierConfigs[i]);
}
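Review bot: the saving this diff buys is confined to the revert path, and the hunk should say so: on a successful call `tierConfigs` is now iterated twice (once for the `+ require(...)`, once for the `dao.tiers.push(...)`), so valid input pays for one extra loop of at most seven entries, which the analysis already accounts for. Two points worth recording next to the hunk: the validation loop must stay ahead of the `new TransparentUpgradeableProxy(...)` and every `dao.*` write, which it does here, and the removed `- require(...)` line leaves the second loop with no check of its own, so both loops must keep iterating the same `tierConfigs`; a later refactor that feeds the second loop from a different array would push unvalidated entries. Since this loop is now the only inspection of the tier input before deployment, it is also the natural place to assert `tierConfigs.length == daoConfig.noOfTiers`, which this hunk does not check.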
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
