13 matches found
CVE-2022-31170
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
EUVD-2022-6398
Malicious code in bioql PyPI...
Improper Input Validation
@openzeppelin/contracts and @openzeppelin/contracts-upgradeable are vulnerable to improper input validation. The vulnerability exists because an incorrect assumption about Solidity 0.8's abi.decode allows ERC165Checker to revert instead of returning false via a specifically crafted input request...
Authentication Bypass
@openzeppelin/contractsvulnerable to improper input validation. The vulnerability exists in the ERC165Checker function in ERC165Checker.sol and ERC165CheckerUpgradeable function in ERC165CheckerUpgradeable.sol due to the incorrect assumption about abi.decode which allows a malicious user to pass ...
CVE-2022-31170
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
Authentication flaw
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
GHSA-QH9X-GCFH-PCRW OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
Impact ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected,...
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
Impact ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected,...
CVE-2022-31170
OpenZeppelin Contracts (library for smart contract development) contains a vulnerability in versions 4.0.0 through 4.7.1 where ERC165Checker.supportsInterface may revert instead of returning false due to an incorrect assumption about Solidity 0.8 abi.decode. This affects contracts that use ERC165...
CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
PT-2022-20584 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 4.0.0 through 4.7.1 Description: The issue concerns the ERC165Checker in OpenZeppelin Contracts, which may revert instead of returning false under certain conditions. Specifically, this occurs when a target...