merklejerk
commented
1 year ago This is intentional. It's an arbitrary call to acquire the NFT, which is why we require that the party holds the NFT afterwards.
Closed code423n4 closed 1 year ago
merklejerk
commented
1 year ago This is intentional. It's an arbitrary call to acquire the NFT, which is why we require that the party holds the NFT afterwards.
HardlyDifficult
commented
1 year ago By design - invalid.
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L131
Vulnerability details
Impact
Anyone can create a contract. and send all the funds if
maximumPrice == 0or at the list he can get themaximumPriceProof of Concept
Create a contract to send the funds to it Invoke
buy()onCollectionBuyCrowdfund.solorBuyCrowdfund()And it will transfer all the funds to the malicious contractRecommended Mitigation Steps
Add more checks for the
callTarget