Lucene search

7 matches found

Code423n4
added 2023/02/02 12:0 a.m., 8 views

DOS mint and add by frontrunning

Lines of code. Vulnerability details. Impact: CidNFT.mintbytes allows users to mint and add subprotocol NFTs directly after minting. The addList args to the add call include the cidNFTID param, which can change if there are other mints before the user's transaction. Proof of Concept: An attacker can DOS...

6.8 AI score
Exploits 0

Veracode
added 2022/07/22 4:54 a.m., 19 views

Authentication Bypass

@openzeppelin/contracts is vulnerable to authentication bypass. The vulnerability exists because the abi.decode is getting unexpectedly reverted in the isValidSignatureNow function of SignatureChecker.sol and supportsERC165Interface function of ERC165Checker.sol due to the incorrect assumption...

7.5 CVSS, 7.3 AI score, 0.00175 EPSS
Exploits 0, References 5, Affected Software 4

Prion
added 2022/07/22 4:15 a.m., 8 views

Design/Logic Flaw

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

5 CVSS, 7.4 AI score, 0.00175 EPSS
Exploits 0, References 2, Affected Software 1

OSV
added 2022/07/21 10:33 p.m., 18 views

GHSA-4G63-C64M-25W9 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

Impact: SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected. The contracts that may be affected are those that use...

7.5 CVSS, 7.4 AI score, 0.00175 EPSS
Exploits 0, References 3

Github Security Blog
added 2022/07/21 10:33 p.m., 39 views

OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

Impact: SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected. The contracts that may be affected are those that use...

7.5 CVSS, 7.2 AI score, 0.00175 EPSS
Exploits 0, References 4, Affected Software 2

Cvelist
added 2022/07/21 1:55 p.m., 14 views

CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5 CVSS, 7.6 AI score, 0.00175 EPSS
Exploits 0, References 2

OSV
added 2022/07/21 1:55 p.m., 13 views

CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5 CVSS, 7.3 AI score, 0.00175 EPSS
Exploits 0, References 4