Any ETH that is transferred to the crowdfund contract will be locked, due to it not being transferred to the new party contract. This can lead to users who donates to the crowdfund (by transferring ETH, which means without getting any governance votes) to lose their ETH, and for the ETH that was collected for an NFT that was given for free to be locked.
Tools Used
Manual audit
Recommended Mitigation Steps
Consider transferring all the ETH in the crowdfund contract to the party contract once created
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/crowdfund/Crowdfund.sol#L280-L298
Vulnerability details
Impact
Any ETH that is transferred to the crowdfund contract will be locked, due to it not being transferred to the new party contract. This can lead to users who donates to the crowdfund (by transferring ETH, which means without getting any governance votes) to lose their ETH, and for the ETH that was collected for an NFT that was given for free to be locked.
Tools Used
Manual audit
Recommended Mitigation Steps
Consider transferring all the ETH in the crowdfund contract to the party contract once created