Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L480
Vulnerability details
Impact
_burn() calls party.mint(), which in turn calls _mint(). Unlike _safeMint(), _mint() does not check that a contract recipient implements onERC721Received, so the governance NFT can be minted to a contract that has no way to handle or transfer ERC721 tokens. A user in that position cannot move their voting power to a new account, and the stranded token could cause other issues in the future.
Tools Used
Manual Review
Recommended Mitigation Steps
Consider using _safeMint() instead of _mint(). Because _safeMint() calls into the recipient contract, it introduces a reentrancy opportunity, so add a reentrancy guard alongside it. Alternatively, document the design decision to use _mint() and the associated risk for end users.
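The following is an added illustration, not code from the PartyDAO repository. It assumes OpenZeppelin Contracts v4 and stand-in contracts (PartyNFT, CrowdfundLike, the two contributor contracts) that mirror the burn-then-mint flow described above. PartyNFT.mint() shows both paths: _mint(), which strands a token on a contract with no onERC721Received, and _safeMint(), which rejects that recipient but hands it execution control mid-mint. CrowdfundLike.burn() shows the mitigation the finding asks for: checks-effects-interactions ordering plus nonReentrant, so a recipient that reenters from its callback is refused.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumes OpenZeppelin Contracts v4 (in v5 ReentrancyGuard lives under utils/).
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

/// Illustrative governance NFT (hypothetical, not the project's PartyGovernanceNFT).
/// `minter` stands in for the Crowdfund contract that is allowed to call mint().
contract PartyNFT is ERC721 {
    address public immutable minter;
    bool public immutable useSafeMint;
    uint256 public nextTokenId = 1;

    constructor(address minter_, bool useSafeMint_) ERC721("Party", "PARTY") {
        minter = minter_;
        useSafeMint = useSafeMint_;
    }

    function mint(address to) external returns (uint256 tokenId) {
        require(msg.sender == minter, "only minter");
        tokenId = nextTokenId++;
        if (useSafeMint) {
            // Calls onERC721Received on contract recipients and reverts unless the
            // magic value is returned. The recipient runs code before mint() finishes.
            _safeMint(to, tokenId);
        } else {
            // Unconditional: a contract recipient without onERC721Received still
            // receives the token and may have no code path to ever transfer it.
            _mint(to, tokenId);
        }
    }
}

/// Minimal stand-in for Crowdfund._burn(): settle the contributor, then mint.
contract CrowdfundLike is ReentrancyGuard {
    PartyNFT public party;
    mapping(address => uint256) public contributions;

    function setParty(PartyNFT party_) external { party = party_; }

    function contribute() external payable { contributions[msg.sender] += msg.value; }

    // Effects before interactions: the contribution is zeroed before party.mint()
    // runs, so a reentrant burn() via onERC721Received finds nothing to mint for.
    // nonReentrant additionally rejects the nested call outright.
    function burn(address contributor) external nonReentrant returns (uint256 tokenId) {
        uint256 amount = contributions[contributor];
        require(amount > 0, "nothing to burn");
        contributions[contributor] = 0;
        tokenId = party.mint(contributor);
    }
}

/// Contributor contract with no onERC721Received and no transfer logic.
/// With _mint() it receives a token it can never move; with _safeMint() the
/// mint reverts ("ERC721: transfer to non ERC721Receiver implementer").
contract NoHookContributor {
    function contribute(CrowdfundLike cf) external payable {
        cf.contribute{value: msg.value}();
    }
}

/// Contributor contract that uses the _safeMint() callback to call burn() again.
contract ReenteringContributor is IERC721Receiver {
    CrowdfundLike public immutable crowdfund;
    bool public reentryReverted;

    constructor(CrowdfundLike cf) { crowdfund = cf; }

    function contribute() external payable { crowdfund.contribute{value: msg.value}(); }

    function onERC721Received(address, address, uint256, bytes calldata)
        external
        override
        returns (bytes4)
    {
        // Attempt a second burn() while the first mint is still in progress.
        // nonReentrant (and the zeroed contribution) make this revert.
        try crowdfund.burn(address(this)) {
            // not reached
        } catch {
            reentryReverted = true;
        }
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

Deployment order for the illustration: deploy CrowdfundLike, then PartyNFT with the crowdfund address as minter, then call setParty. Running burn() for a NoHookContributor with useSafeMint = false mints a token that the contributor can never transfer, which is the stranded-voting-power case in the finding; with useSafeMint = true the same call reverts and the contribution stays recoverable. Running it for a ReenteringContributor with useSafeMint = true completes the first mint and leaves reentryReverted set to true, showing why the guard belongs next to _safeMint().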