Lucene search

12 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-6398

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.00373
Exploits 0, References 4

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-6503

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.4, EPSS 0.00305
Exploits 0, References 5

Code423n4
added 2023/06/21 12:00 a.m., 9 views

[adriro-NEW-M-02]: Wallet design prevents EIP-165 extensibility

Lines of code Vulnerability details adriro-NEW-M-02: Wallet design prevents EIP-165 extensibility The current wallet fallback design prevents the extensibility of the EIP-165 functionality. Impact Ambire wallet extensibility is provided by a fallback mechanism. If a fallback handler is defined in...

AI score 6.7
Exploits 0

Github Security Blog
added 2022/08/14 12:23 a.m., 25 views

OpenZeppelin Contracts ERC165Checker unbounded gas consumption

Impact The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. Patches The issue has been fixed in v4.7.2. References...

CVSS 5.3, AI score 5.4, EPSS 0.00305
Exploits 0, References 5, Affected Software 4

Veracode
added 2022/08/02 4:06 a.m., 22 views

Denial Of Service (DoS)

openzeppelin is vulnerable to denial of service DoS attacks. A malicious user is able to use a target contract of an EIP-165 supportsInterface query to cause unbounded resource consumption by returning a lot of data, causing the application to crash...

CVSS 5.3, AI score 5.2, EPSS 0.00305
Exploits 0, References 3, Affected Software 6

NVD
added 2022/08/01 9:15 p.m., 8 views

CVE-2022-35915

OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in...

CVSS 5.3, EPSS 0.00305
Exploits 0, References 2

Prion
added 2022/08/01 9:15 p.m., 23 views

Design/Logic Flaw

OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in...

CVSS 5, AI score 5.2, EPSS 0.00305
Exploits 0, References 2, Affected Software 4

CVE
added 2022/08/01 9:05 p.m., 73 views

CVE-2022-35915

OpenZeppelin Contracts contains a vulnerability in the ERC165 supportsInterface logic where querying a target contract can cause unbounded gas consumption by returning a large amount of data. The issue is fixed in version 4.7.2; users are advised to upgrade. There are no public workarounds noted....

CVSS 5.3, AI score 5.1, EPSS 0.00305
Exploits 0, References 2, Affected Software 4

OSV
added 2022/08/01 9:05 p.m., 12 views

CVE-2022-35915 Unbounded gas consumption in @openzeppelin/contracts

OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in...

CVSS 5.3, AI score 5.2, EPSS 0.00305
Exploits 0, References 4

NVD
added 2022/07/22 4:15 a.m., 7 views

CVE-2022-31170

OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...

CVSS 7.5, EPSS 0.00373
Exploits 0, References 2

OSV
added 2022/07/21 10:33 p.m., 14 views

GHSA-QH9X-GCFH-PCRW OpenZeppelin Contracts's ERC165Checker may revert instead of returning false

Impact ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected,...

CVSS 7.5, AI score 7.4, EPSS 0.00373
Exploits 0, References 4

Positive Technologies
added 2022/07/21 12:00 a.m., 1 view

PT-2022-20584 · Openzeppelin · Openzeppelin Contracts

Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 4.0.0 through 4.7.1 Description: The issue concerns the ERC165Checker in OpenZeppelin Contracts, which may revert instead of returning false under certain conditions. Specifically, this occurs when a target...

CVSS 7.5, AI score 7.3, EPSS 0.00373
Exploits 0, References 6