Lucene search
K

28 matches found

Prion
Prion
added 2022/07/22 4:15 a.m.17 views

Design/Logic Flaw

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

5CVSS7.4AI score0.00413EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/07/21 2:0 p.m.17 views

CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false

OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...

7.5CVSS7.4AI score0.00648EPSS
Exploits0References4
OSV
OSV
added 2022/07/21 1:55 p.m.34 views

CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5CVSS7.3AI score0.00413EPSS
Exploits0References4
CVE
CVE
added 2022/07/21 1:55 p.m.104 views

CVE-2022-31172

OpenZeppelin Contracts (library) is affected by CVE-2022-31172 in versions 4.1.0–4.7.1, where SignatureChecker.isValidSignatureNow may revert due to an incorrect assumption about Solidity 0.8 ABI decoding, especially when a target contract does not implement EIP-1271 as expected. The vulnerabilit...

7.5CVSS7.4AI score0.00413EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/15 5:50 p.m.96 views

CVE-2022-31153

OpenZeppelin Contracts for Cairo (v0.2.0) contains a bug that renders account contracts unusable on live networks. The issue affects all accounts (vanilla and Ethereum flavors) in the v0.2.0 release and only Goerli deployments are affected; StarkNet’s testing framework does not exhibit the faulty...

6.5CVSS6.4AI score0.01115EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/11/12 6:15 p.m.23 views

CVE-2021-41264

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of @openzeppelin/contracts and...

9.8CVSS6.7AI score
Exploits0References3
CVE
CVE
added 2021/11/12 5:55 p.m.63 views

CVE-2021-41264

OpenZeppelin CVE-2021-41264 affects upgradeable contracts using UUPSUpgradeable due to uninitialized implementation contracts. The vulnerability is addressed in version 4.3.2 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeable. If upgrading is not possible, a mitigation is to initi...

9.8CVSS9.4AI score0.01439EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/08/27 12:15 a.m.16 views

Code injection

OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...

7.5CVSS9.5AI score0.0159EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder