Project

One World

NFTDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Wrong check in upgradeTier function in MembershipFactory contract

0xd4n13l

Summary

The upgradeTier function is making this check

require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");

But the purpose of upgradingTier is to reduce the index because lower index represents higher tier

Vulnerability Details

A creator creates a DAO with Tier 0, 1, 2, 3, 4
A user joins the DAO at Tier 3
The User then calls upgradeTier function to upgrade to Tier 2
This check

require(daos[daoMembershipAddress].noOfTiers >= fromTierIndex + 1, "No higher tier available.");

Checks for 5 total number of tiers is greater than or equal to 3+1, which has no impact since the aim of the function is to reduce the index number of the token to user owns.

Impact

Could to the contract not acting as intended

Tools Used

Manual code Review

Recommendations

Check should check for users at Index 0 trying to go to higher index

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

0xbrivan2 Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

541

28 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.