6 matches found
4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +432 more potentially affected by CVE-2024-27094 via @openzeppelin/contracts-upgradeable (>=4.5.0 <=4.9.5)
@openzeppelin/contracts-upgradeable NPM version =4.5.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =0.2.1-alpha, =0.2.1-beta2 and more Source cves: CVE-2024-27094 Source advisory: OSV:GHSA-9VX6-7XXF-X967...
@etherisc/gif-next (>=0.0.2-0a7d082-551 <=0.0.2-ff8087d-237), @ethsign/sign-protocol-evm (>=1.0.0 <=1.1.3) +9 more potentially affected by CVE-2024-27094 via @openzeppelin/contracts-upgradeable (>=5.0.0 <=5.0.1)
@openzeppelin/contracts-upgradeable NPM version =5.0.0, =0.0.2-0a7d082-551, =1.0.0, =2.5.5, =1.0.0, =1.0.0-beta-rc1, =0.0.1, =1.0.1, =0.1.0, =0.1.0-alpha.10 Source cves: CVE-2024-27094 Source advisory: OSV:GHSA-9VX6-7XXF-X967...
Upgradable liberty
Lines of code Vulnerability details Impact Instead of using @openzeppelin/contracts, use the upgradable liberty for contracts that should be able to be upgraded. This is the library that should be used :@openzeppelin/contracts-upgradeable Proof of Concept For more info have a look at this resourc...
Upgradeable
Lines of code Vulnerability details Impact Since the contract OndoPriceOracle.sol is a critical contract it should have room to be upgrade, either use the library @openzeppelin/contracts-upgradeable or leave a storage gap. An example of this would be to add this line: uint25650 private gap; Proof...
[WP-H0] Wrong implementation of EIP712MetaTransaction
Lines of code Vulnerability details 1. EIP712MetaTransaction is a utils contract that intended to be inherited by concrete actual contracts, therefore. it's initializer function should not use the initializer modifier, instead, it should use onlyInitializing modifier. See the implementation of...
@biconomy/hyphen-contracts (=1.0.4), @devprotocol/protocol-l2 (>=0.0.1 <=0.0.2) +8 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.3.1)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.0.1, =1.1.2, =1.0.1, =1.1.2, =1.0.0, =0.8.1-pr-brioux-1333.92b26c3a.36, =1.0.5, =2.3.0, =2.3.2 Source cves: unknown CVE Source advisory: OSV:GHSA-Q4H9-46XG-M3X9...