169 matches found
CVE-2023-40014 OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see _msgSender return address(0) in calls that originate from the forwarder with calldata shorter...
4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1218 more potentially affected by CVE-2023-34459 via @openzeppelin/contracts (>=4.7.0 <=4.9.1)
@openzeppelin/contracts NPM version =4.7.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2023-34459 Source advisory: OSV:GHSA-WPRV-93R4-JJ2P...
CVE-2023-34459 OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, processMultiProof, or processMultiProofCalldata functions are in use, it is possible to construct merkle trees that...
CVE-2023-34459
OpenZeppelin Contracts (versions 4.7.0–4.9.1) are affected by a multiproof forgery issue when using verifyMultiProof/verifyMultiProofCalldata/processMultiProof/processMultiProofCalldata. If the merkle tree includes a node with value 0 at depth 1 under the root, an adversarial or certain benign tre...
4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1469 more potentially affected by CVE-2023-34234 via @openzeppelin/contracts (>=4.3.0 <=4.9.0)
@openzeppelin/contracts NPM version =4.3.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2023-34234 Source advisory: OSV:GHSA-5H3X-9WVQ-W4M2...
CVE-2023-34234
OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the...
CVE-2023-34234
OpenZeppelin Contracts’ Governor-related vulnerability (CVE-2023-34234) allows an attacker to frontrun the creation of a proposal, enabling the attacker to become the proposer and repeatedly cancel proposals. Affected: Governor (v4.9.0) and GovernorCompatibilityBravo (since v4.3.0). Root cause: l...
CVE-2023-34234 Governor proposal creation may be blocked by frontrunning in OpenZeppelin
OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the...
OpenZeppelin security vulnerability
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions prior to 4.3.0 through 4.9.1 that stems from allowing an attacker to gain the ability to cancel a proposal by creating it in advance...
CVE-2023-30541 TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...
0x-hunter-core (>=1.0.0-33 <=1.0.0-38), 1155-to-20 (>=1.0.0 <=1.0.2) +3140 more potentially affected by CVE-2023-30541 via @openzeppelin/contracts (>=3.2.0 <=4.8.2)
@openzeppelin/contracts NPM version =3.2.0, =1.0.0-33, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.9.1, =3.24.7, =1.7.2, =3.10.3, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2023-30541 Source advisory: OSV:GHSA-MX2Q-35M2-X2RH...
OpenZeppelin security vulnerability
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts prior to version 4.8.3, which stems from the fact that if conflicting functions have different signatures and incompatible ABI encodings, an agent may...
CVE-2023-30542
OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be...
Design/Logic Flaw
OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be...