code-423n4 / 2022-09-party-findings


Some users won't be able to burn their crowdfund token to get their voting power #252

Closed code423n4 closed 1 year ago

code423n4 commented 2 years ago

Lines of code

https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/crowdfund/Crowdfund.sol#L487

Vulnerability details

Impact

A user that is a contract without a receive function can't burn its token to get the governance power, because ethOwed ether is transferred to it. This is correct even if ethOwed is 0.

Tools Used

Manual audit

Recommended Mitigation Steps

Consider separating the ETH claiming logic to another function or use wETH.
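
The failure mode and the first suggested mitigation, as an added example that is not part of the original report and is not PartyDAO's code. All contract names, the `usedBps` accounting and the `claimRefund` function are hypothetical; the sketch only models a burn that grants voting power and refunds unused ETH.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical, simplified crowdfund: names and accounting are assumptions, not Crowdfund.sol.
abstract contract CrowdfundBase {
    mapping(address => uint256) public contributed; // ETH put in by each contributor
    mapping(address => uint256) public votingPower; // granted when the contribution is burned
    uint256 public immutable usedBps;               // share of contributions actually spent
    constructor(uint256 usedBps_) { usedBps = usedBps_; }
    function contribute() external payable { contributed[msg.sender] += msg.value; }

    function _settle(address c) internal returns (uint256 ethOwed) {
        uint256 amount = contributed[c];
        contributed[c] = 0;
        uint256 used = amount * usedBps / 10_000;
        votingPower[c] += used;
        ethOwed = amount - used; // unused part is owed back
    }
}

// Push refund: burning and refunding are one atomic step.
contract PushRefund is CrowdfundBase {
    constructor(uint256 b) CrowdfundBase(b) {}
    function burn(address payable contributor) external {
        uint256 ethOwed = _settle(contributor);
        // Empty-calldata call: a contract with no receive()/fallback() rejects it,
        // so ok is false even when ethOwed == 0 and the whole burn reverts.
        (bool ok, ) = contributor.call{value: ethOwed}("");
        require(ok, "refund failed");
    }
}

// Pull refund: burn only records the debt; the ETH is claimed in a separate call.
contract PullRefund is CrowdfundBase {
    mapping(address => uint256) public refundOf;
    constructor(uint256 b) CrowdfundBase(b) {}
    function burn(address contributor) external { refundOf[contributor] += _settle(contributor); }
    function claimRefund(address payable to) external {
        uint256 amount = refundOf[msg.sender];
        refundOf[msg.sender] = 0; // zero before the external call
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "refund failed");
    }
}

// Constructed contributor with no receive() or fallback(); demo helpers, no access control.
contract NoReceiveContributor {
    function join(CrowdfundBase cf) external payable { cf.contribute{value: msg.value}(); }
    function claim(PullRefund cf, address payable to) external { cf.claimRefund(to); }
}
```

With `NoReceiveContributor` as the contributor, `PushRefund.burn` always reverts and no voting power is granted, while `PullRefund.burn` succeeds and the refund can later be sent to an address that accepts ETH.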

merklejerk commented 1 year ago

Duplicate of #212