14 matches found
EUVD-2023-1359
Malicious code in bioql PyPI...
CVE-2023-30541
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...
Vyper's external calls can overflow return data to return input buffer
Summary: When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that typ...
Interpretation Conflict
@openzeppelin/contracts is vulnerable to Interpretation Conflict. The vulnerability exists because the TransparentUpgradeableProxy clashing selector calls may not be delegated if the clashing function has a different signature with incompatible ABI encoding, which could lead to proxy revert while...
CVE-2023-30541
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...
CVE-2023-30541 TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...
CVE-2023-30541 TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...
CVE-2023-30541
OpenZeppelin Contracts vulnerability CVE-2023-30541: The TransparentUpgradeableProxy can fail to delegate a function if its selector clashes with the proxy’s own selectors, causing a revert during calldata decoding when signatures are incompatible. The issue has been fixed in version 4.8.3. Impac...
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Impact: A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from...
GHSA-MX2Q-35M2-X2RH OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Impact: A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from...
Contracts are susceptible for Head Overflow Bug in Calldata
Lines of code Vulnerability details Impact ABI-encoding a tuple with a statically-sized calldata array in the last component would corrupt 32 leading bytes of its first dynamically encoded component. Proof of Concept The functions are taking input arguments as calldata. Following contracts are...
Incorrect Creation Of Governance Proposals
@openzeppelin/contracts performs incorrect creation of governance proposals. Using bad ABI encoding in GovernorCompatibilityBravo with explicit function signatures along with calldata results in incorrect creation of governance proposals with incorrect arguments...
GHSA-M6W8-FQ7V-PH4M GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
Impact: The GovernorCompatibilityBravo module may lead to the creation of governance proposals that execute function calls with incorrect arguments due to bad ABI encoding. This happens if the proposal is created using explicit function signatures, e.g. a proposal to invoke the function foo(uint256)...
GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
Impact: The GovernorCompatibilityBravo module may lead to the creation of governance proposals that execute function calls with incorrect arguments due to bad ABI encoding. This happens if the proposal is created using explicit function signatures, e.g. a proposal to invoke the function foo(uint256)...