Lucene search
K

553 matches found

Code423n4
Code423n4
added 2023/09/07 12:0 a.m.16 views

Incorrect initialization of rUSDY.sol

Lines of code Vulnerability details Impact rUSDY.sol contract inherits PausableUpgradeable contract but does not invoke its initialzers during its own initialization. Due to which the state of PausableUpgradeable contract remain uninitialized. File: contracts/usdy/rUSDY.sol contract rUSDY is...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.11 views

Malicious user can prevent the creation of a proposal

Lines of code Vulnerability details Vulnerability Detail The LivepeerGovernor inherits OpenZeppelin's GovernorUpgradeable contract. The GovernorUpgradeable utilizes the hashProposal function to generate a unique hash when creating a new proposal. The hash depends solely on input parameters:...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.11 views

[H-01] GovernorCountingOverridable.castVoteBySig()/castVoteWithReasonAndParamsBySig(): Possible signature replay attacks to influence proposal execution

Lines of code Vulnerability details Impact In the GovernorCountingOverridable.sol inherited by LivePeerGovernor.sol, users can provide a signature to allow someone else to vote on their behalf using the castVoteBySig/castVoteWithReasonAndParamsBySig function since this functions are not overriden...

6.8AI score
Exploits0
Veracode
Veracode
added 2023/08/14 9:21 a.m.18 views

Improper Encoding

openzeppelin/contracts is vulnerable to Improper Encoding. The vulnerability exists due to improperly validating ERC2771Context which allows an attacker to cause unintended behavior in smart contracts that rely on the sender's accurate identification...

5.3CVSS6.7AI score0.00611EPSS
Exploits0References7Affected Software2
vulnersOsv
vulnersOsv
added 2023/08/11 7:0 p.m.6 views

4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +410 more potentially affected by CVE-2023-40014 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.9.2)

@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =0.2.1-alpha, =0.2.1-beta2 and more Source cves: CVE-2023-40014 Source advisory: OSV:GHSA-G4VP-M682-QQMP...

5.3CVSS6AI score0.00611EPSS
Exploits0
NVD
NVD
added 2023/08/10 8:15 p.m.26 views

CVE-2023-40014

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...

5.3CVSS5.2AI score0.00611EPSS
Exploits0References6
Prion
Prion
added 2023/08/10 8:15 p.m.20 views

Design/Logic Flaw

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...

5CVSS5.2AI score0.00611EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2023/08/10 8:15 p.m.4 views

UBUNTU-CVE-2023-40014

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...

5.3CVSS5.7AI score0.00611EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2023/08/10 8:15 p.m.20 views

CVE-2023-40014

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...

5.3CVSS5.9AI score0.00611EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/08/10 7:52 p.m.13 views

CVE-2023-40014 OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...

5.3CVSS5.2AI score0.00611EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/08/10 7:52 p.m.41 views

CVE-2023-40014 OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...

5.3CVSS5.5AI score0.00611EPSS
Exploits0References6
CVE
CVE
added 2023/08/10 7:52 p.m.56 views

CVE-2023-40014

OpenZeppelin Contracts (v4.0.0–v4.9.3) is vulnerable to an issue in ERC2771Context used with a custom trusted forwarder, where _msgSender may evaluate to address(0) for calls from the forwarder with calldata shorter than 20 bytes. The problem is not common for MinimalForwarder, as signer addresse...

5.3CVSS5.1AI score0.00611EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2023/08/10 7:52 p.m.16 views

CVE-2023-40014 OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...

5.3CVSS5.3AI score0.00611EPSS
Exploits0References8
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.6 views

Anyone can call the perform function because there is no access control

Lines of code L31-L75 Vulnerability details Impact Anyone can call the perform function. It can lead to unauthorized changes in the security council. Proof of Concept There is no access control in the perform function and it is marked "external". function performaddress securityCouncil, address...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.6 views

OpenZeppelin Security Vulnerability

OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts version 4.0.0 through versions prior to 4.9.3, which stems from the signer address being appended to all calls originating from the transponder...

5.3CVSS6.7AI score0.00611EPSS
Exploits0References7
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.11 views

Consider Disabling Inherited _cancel Function In The Governor Contracts

Lines of code Vulnerability details Impact The currently used openzeppelin upgradeable contracts dependency @openzeppelin/contracts-upgradeable is v4.7.3 The security council management contracts are inheriting the openzeppelin GovernorUpgradeable contracts to manage proposals. This version of...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.17 views

check for the reentrancy attack is missed in the claim function

Lines of code Vulnerability details Impact the function claim in the LendingLedger.sol will send native token $CANTO to the msg.sender by .call which it can be EOA or Contracts, because there is no any RA checks the caller can make double call in the same time to get himself more tokens reward th...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.13 views

UNCHECKED TRANSFER

Lines of code Vulnerability details Impact Some tokens do not revert the transaction when transferFrom fails and returns False. Hence we must check the return value after calling the transfer or transferFrom function. Proof of Concept Check the last answer here: In short: Using...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.9 views

## [M-07] ERC20 return values not checked

Lines of code Vulnerability details Impact Tokens that don’t actually perform the transfer and return false are still counted as a correct transfer and the tokens remain in the SingleNativeTokenExitV2 contract and could potentially be stolen by someone else. Proof of Concept The ERC20.transfer an...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.13 views

Inaccurate implementation of ECDSA creates signature malleability

Lines of code Vulnerability details Impact The ecrecover function is an inherent cryptographic function within Solidity which enables the retrieval of the signer's address messages which have been signed with their private key. Of course, this is very important when it comes to verifying the...

6.8AI score
Exploits0
Rows per page
Query Builder