169 matches found
CVE-2022-35915
OpenZeppelin Contracts contains a vulnerability in the ERC165 supportsInterface logic where querying a target contract can cause unbounded gas consumption by returning a large amount of data. The issue is fixed in version 4.7.2; users are advised to upgrade. There are no public workarounds noted....
CVE-2022-35915 Unbounded gas consumption in @openzeppelin/contracts
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in...
CVE-2022-35916 Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts EOAs as cross chain calls, even though they are not...
CVE-2022-35916 Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts EOAs as cross chain calls, even though they are not...
CVE-2022-31198 GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals in @openzeppelin/contracts
OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a...
CVE-2022-31198 GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals in @openzeppelin/contracts
OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a...
CVE-2022-31198 GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals in @openzeppelin/contracts
OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a...
PT-2022-23021 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions prior to 4.7.2 Description: The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a...
PT-2022-20606 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions prior to 4.7.2 Description: This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total...
OpenZeppelin 安全漏洞
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts prior to version v4.7.2, which stems from the fact that this is a library for secure smart contract development, and that contracts using Arbitrum L2's...
PT-2022-23022 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions prior to 4.7.2 Description: The issue affects contracts using the cross chain utilities for Arbitrum L2, specifically CrossChainEnabledArbitrumL2 or LibArbitrumL2. These contracts classify direct interactions o...
Authentication Bypass
@openzeppelin/contracts is vulnerable to authentication bypass. The vulnerability exists because the abi.decode is getting unexpectedly reverted in the isValidSignatureNow function of SignatureChecker.sol and supportsERC165Interfacedue function of ERC165Checker.soldue to the incorrect assumption...
CVE-2022-31172
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...
CVE-2022-31170
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1269 more potentially affected by CVE-2022-31172 via @openzeppelin/contracts (>=4.1.0 <=4.7.0)
@openzeppelin/contracts NPM version =4.1.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =1.0.0, =0.2.0, =4.14.3, =1.0.2, =4.0.0, =4.0.1, =2.0.0, =3.1.0 and more Source cves: CVE-2022-31172 Source advisory: OSV:GHSA-4G63-C64M-25W9...
4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1270 more potentially affected by CVE-2022-31170 via @openzeppelin/contracts (>=4.0.0 <=4.7.0)
@openzeppelin/contracts NPM version =4.0.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =1.0.0, =0.2.0, =4.14.3, =1.0.2, =4.0.0, =4.0.1, =2.0.0, =3.1.0 and more Source cves: CVE-2022-31170 Source advisory: OSV:GHSA-QH9X-GCFH-PCRW...
CVE-2022-31170
OpenZeppelin Contracts (library for smart contract development) contains a vulnerability in versions 4.0.0 through 4.7.1 where ERC165Checker.supportsInterface may revert instead of returning false due to an incorrect assumption about Solidity 0.8 abi.decode. This affects contracts that use ERC165...
CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...