4 matches found
CVE-2022-31172
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...
4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1274 more potentially affected by CVE-2022-31172 via @openzeppelin/contracts (>=4.1.0 <=4.7.0)
@openzeppelin/contracts NPM version =4.1.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =1.0.0, =0.2.0, =4.14.3, =1.0.2, =4.0.0, =4.0.1, =2.0.0, =3.1.0 and more Source cves: CVE-2022-31172 Source advisory: OSV:GHSA-4G63-C64M-25W9...
CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...
CVE-2022-31172
OpenZeppelin Contracts (library) is affected by CVE-2022-31172 in versions 4.1.0–4.7.1, where SignatureChecker.isValidSignatureNow may revert due to an incorrect assumption about Solidity 0.8 ABI decoding, especially when a target contract does not implement EIP-1271 as expected. The vulnerabilit...