5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.001 Low
EPSS
Percentile
39.3%
The target contract of an EIP-165 supportsInterface
query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost.
The issue has been fixed in v4.7.2.
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587
If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at [email protected].