Code4rena CODE423N4:2023-10-ENS-FINDINGS-ISSUES-686
Oct 11, 2023 - 12:00 a.m.

Use a higher version of the OpenZeppelin library instead of vulnerable ones.

openzeppelin
library
upgrade
ens contracts
erc1155
vulnerability
mitigation
version 4.3.3

7.1 High

AI Score

Confidence

Low

Lines of code

Vulnerability details

Impact

The OpenZeppelin library has some dangerous vulnerabilities in lower versions, especially when you work with ERC1155.

OpenZeppelin already says the lower versions are vulnerable.

Affected versions

>= 4.2.0 < 4.3.3

Patched versions

4.3.3

Look at this: GHSA-wmpv-c2jp-j2xg

Proof of Concept

  "author": "ENS Team (@ensdomains)",
  "license": "MIT",
  "dependencies": {
    "@ensdomains/ens-contracts": "^0.0.7",
    "@openzeppelin/contracts": "^4.3.1",
    "keccak256": "^1.0.3"
  },

<https://github.com/code-423n4/2023-10-ens/blob/ed25379c06e42c8218eb1e80e141412496950685/package.json#L14-L15>

Tools Used

VS Code

Recommended Mitigation Steps

Upgrade versions to 4.3.3.

Assessed type

Other
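
The declared range from the Proof of Concept can be checked mechanically against the affected range quoted above. The JavaScript below is an added example, not code from the finding or from the ENS repository; `auditRange` and its helpers are hypothetical names, and it assumes only caret (`^x.y.z`) and exact (`x.y.z`) ranges.

```javascript
// Added example. Handles only plain "x.y.z" versions and "^x.y.z" or exact
// "x.y.z" ranges; other npm range syntax is out of scope for this sketch.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Turn a declared range into a half-open interval [min, max).
function rangeBounds(range) {
  const caret = range.startsWith("^");
  const [M, m, p] = parseVersion(caret ? range.slice(1) : range);
  if (!caret) return { min: [M, m, p], max: [M, m, p + 1] };
  // npm caret rule: the left-most non-zero component stays fixed.
  const max = M > 0 ? [M + 1, 0, 0] : m > 0 ? [0, m + 1, 0] : [0, 0, p + 1];
  return { min: [M, m, p], max };
}

// affected: { introduced, fixed } meaning ">= introduced < fixed".
function auditRange(declared, affected) {
  const { min, max } = rangeBounds(declared);
  const lo = parseVersion(affected.introduced);
  const hi = parseVersion(affected.fixed);
  return {
    // Half-open intervals overlap when each starts before the other ends.
    admitsVulnerable: cmp(min, hi) < 0 && cmp(lo, max) < 0,
    // True when the range can also resolve to the fixed version or later.
    admitsPatched: cmp(hi, max) < 0,
    // Range whose floor is the first patched release.
    suggested: `^${affected.fixed}`,
  };
}

// Values taken from the finding above.
const advisory = { introduced: "4.2.0", fixed: "4.3.3" };
const dependencies = { "@openzeppelin/contracts": "^4.3.1" };
const report = auditRange(dependencies["@openzeppelin/contracts"], advisory);
console.log(report);
```

A caret range only states what may be installed; the lockfile or `npm ls @openzeppelin/contracts` shows the version actually resolved.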

