13 matches found
EUVD-2021-1700
Malware in sbrugna...
CVE-2021-39167
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
L1SCMgmtActivationAction does not check executor role of new and prev emergency security council
Lines of code Vulnerability details Proof of Concept GovernanceChainSCMgmtActivationAction.sol checks that the newEmergencySecurityCouncil has a upgradeExecutor role whereas the prevEmergencySecurityCouncil does not have a upgradeExecutor role. GovernanceChainSCMgmtActivationAction.sol // confirm...
Privilege Escalation
openzeppelin/contracts is vulnerable to privilege escalation. The vulnerability exists due to the lack of sanitization in the initializer function which allowed an actor with executor role to escalate privileges...
GHSA-VRW4-W73R-6MM8 TimelockController vulnerability in OpenZeppelin Contracts
Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...
GHSA-FG47-3C2X-M2WR TimelockController vulnerability in OpenZeppelin Contracts
Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...
CVE-2021-39168
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39168
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
Code injection
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
Code injection
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39168
OpenZeppelin's TimelockController vulnerability (OpenZeppelin Contracts) allows an actor with the executor role to escalate privileges. Affected: TimelockController in OpenZeppelin Contracts (readable as part of the OpenZeppelin Contracts library). Root cause: insufficient sanitization/controls a...
OpenZepplin 安全漏洞
OpenZepplin is a library for smart contract development. OpenZepplin has a security vulnerability that stems from a vulnerability in the TimelockController in the affected version that allows elevation of privilege for participants with the executor role...
OpenZepplin 安全漏洞
OpenZepplin is a library for smart contract development. A security vulnerability exists in OpenZepplin that allows a participant with the role of executor to elevate privileges...