[NAZ-M3] Use `safeTransferFrom()` instead of `transferFrom()` for ERC721 transfers

[code423n4]

Lines of code

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L301

Vulnerability details

Impact

The transferFrom() method is used instead of safeTransferFrom(), presumably to save gas. I however argue that this isn’t recommended because:

• OpenZeppelin’s documentation discourages the use of transferFrom(), use safeTransferFrom() whenever possible.
• Given that any NFT can be used, there are a few NFTs (here’s an example) that have logic in the onERC721Received() function, which is only triggered in the safeTransferFrom() function and not in transferFrom().

Tools Used

Manual Review

Recommended Mitigation Steps

Consider the use of safeTransferFrom() method instead of transferFrom() for NFT transfers.

[merklejerk]

Duplicate of #20

[HardlyDifficult]

The rec is invalid for this line.