Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/BuyCrowdfundBase.sol#L131
Vulnerability details
Impact
Anyone can create a contract and send all the funds if maximumPrice == 0, or at the least he can get the maximumPrice.
Proof of Concept
Create a contract to send the funds to it
Invoke buy() on CollectionBuyCrowdfund.sol or BuyCrowdfund()
And it will transfer all the funds to the malicious contract
Recommended Mitigation Steps
Add more checks for the callTarget
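One way the recommended callTarget checks could look, as an added sketch that is not PartyDAO's code and not part of the original report. Only buy, callTarget and maximumPrice come from the report; the contract name, the allowlist, the error names and the choice to reject a zero maximumPrice are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC721Minimal {
    function ownerOf(uint256 tokenId) external view returns (address);
}

// Hypothetical sketch: GuardedBuy, allowedCallTargets and the errors are illustrative names.
contract GuardedBuy {
    error CallTargetNotAllowed(address callTarget);
    error PriceAboveMaximum(uint256 callValue, uint256 maximumPrice);
    error BuyCallFailed(bytes returnData);
    error TokenNotReceived(address token, uint256 tokenId);

    IERC721Minimal public immutable nftContract;
    uint256 public immutable nftTokenId;
    uint256 public immutable maximumPrice;
    // Targets fixed at deployment, e.g. known marketplace contracts (assumption).
    mapping(address => bool) public allowedCallTargets;

    constructor(IERC721Minimal token, uint256 tokenId, uint256 maxPrice, address[] memory targets) {
        // This sketch refuses an unlimited price, so callValue is always bounded.
        require(maxPrice != 0, "maximumPrice must be set");
        nftContract = token;
        nftTokenId = tokenId;
        maximumPrice = maxPrice;
        for (uint256 i = 0; i < targets.length; ++i) {
            allowedCallTargets[targets[i]] = true;
        }
    }

    // Accept contributions. A production receiver would also implement onERC721Received.
    receive() external payable {}

    function buy(address payable callTarget, uint256 callValue, bytes calldata callData) external {
        // Check 1: funds may only be forwarded to a pre-approved target.
        if (!allowedCallTargets[callTarget]) revert CallTargetNotAllowed(callTarget);
        // Check 2: never forward more than the agreed cap.
        if (callValue > maximumPrice) revert PriceAboveMaximum(callValue, maximumPrice);

        (bool ok, bytes memory returnData) = callTarget.call{value: callValue}(callData);
        if (!ok) revert BuyCallFailed(returnData);

        // Check 3: revert the whole transaction, including the transfer of funds,
        // unless the NFT is now held by this contract.
        if (nftContract.ownerOf(nftTokenId) != address(this)) {
            revert TokenNotReceived(address(nftContract), nftTokenId);
        }
    }
}
```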