Closed code423n4 closed 1 year ago
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L690
You can't control the airdrop NFT on this contract PartyGovernance.sol. You can only control the preciousListHash
NFT
PartyGovernance.sol
preciousListHash
The execute() is check that the precious list preciousTokenIds and preciousTokens is valid or not
execute()
preciousTokenIds
preciousTokens
if (!_isPreciousListCorrect(preciousTokens, preciousTokenIds)) { revert BadPreciousListError(); }
You can set them only on the first when you create a proposal
Add more flexibility to control the future airdrop
This seems like a feature request. There is no security issue here.
Agree - out of scope for this contest. Closing as invalid.
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L690
Vulnerability details
Impact
You can't control the airdrop
NFT
on this contractPartyGovernance.sol
. You can only control thepreciousListHash
Proof of Concept
The
execute()
is check that the precious listpreciousTokenIds
andpreciousTokens
is valid or notYou can set them only on the first when you create a proposal
Recommended Mitigation Steps
Add more flexibility to control the future airdrop