code-423n4 / 2022-09-party-findings

No control for the future `Airdrop` #291

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L690

Vulnerability details

Impact

You can't control the airdrop NFT on this contract, `PartyGovernance.sol`. You can only control the `preciousListHash`.

Proof of Concept

`execute()` checks whether the precious list (`preciousTokenIds` and `preciousTokens`) is valid or not:

```solidity
if (!_isPreciousListCorrect(preciousTokens, preciousTokenIds)) {
    revert BadPreciousListError();
}
```

You can set them only at first, when you create a proposal.

Recommended Mitigation Steps

Add more flexibility to control the future airdrop.

merklejerk commented 1 year ago

This seems like a feature request. There is no security issue here.

HardlyDifficult commented 1 year ago

Agree - out of scope for this contest. Closing as invalid.