4 matches found
CVE-2023-23940
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...
CVE-2023-23940
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...
CVE-2023-23940 OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...
PT-2023-19311 · Openzeppelin · Openzeppelin Contracts For Cairo
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts for Cairo versions prior to 0.6.1
Description: The issue is related to the is_valid_eth_signature function missing a call to finalize_keccak after calling verify_eth_signature. This allows a malicious sequencer to bypas...