Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Minted tokens not preserved in case `tierConfigs.length < dao.tiers.length` if using `MembershipFactory::updateDAOMembership` function

4th05

Relevant GitHub Links

https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/MembershipFactory.sol#L114-L133

Summary

In case tierConfigs.length < dao.tiers.length using MembershipFactory::updateDAOMembership tokens of the tiers that exceed are not preserved, and lost forever.

Vulnerability Details

Minted tokens are deleted, and not preserved updating the memerbership of the DAO

for (uint256 i = 0; i < tierConfigs.length; i++) {
if (i < dao.tiers.length) {
tierConfigs[i].minted = dao.tiers[i].minted;
}
}
// Reset and update the tiers array
delete dao.tiers;
for (uint256 i = 0; i < tierConfigs.length; i++) {
dao.tiers.push(tierConfigs[i]);
maxMembers += tierConfigs[i].amount;
}
// updating the ceiling limit acc to new data
if(maxMembers > dao.maxMembers){
dao.maxMembers = maxMembers;
}
dao.noOfTiers = tierConfigs.length;
return daoAddress;

Impact

Minted tokens that represent share of the DAO profit for the user are not preserved.

Tools Used

Manual review

Recommendations

Add a require statement that new number of tiers should be >= old one.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge
8 months ago
0xbrivan2 Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.