25 matches found
CVE-2022-31170
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
EUVD-2021-1903
Malware in sbrugna...
EUVD-2021-1700
Malware in sbrugna...
EUVD-2023-1907
Malicious code in bioql PyPI...
EUVD-2023-1704
Malicious code in bioql PyPI...
EUVD-2023-1247
Malicious code in bioql PyPI...
EUVD-2024-0602
Malicious code in bioql PyPI...
CVE-2022-31172
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...
CVE-2024-27094
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Impact OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata...
CVE-2023-34459
OpenZeppelin Contracts (versions 4.7.0–4.9.1) are affected by a multiproof forgery issue when using verifyMultiProof/verifyMultiProofCalldata/processMultiProof/processMultiProofCalldata. If the merkle tree includes a node with value 0 at depth 1 under the root, a adversarial or certain benign tre...
CVE-2023-34234
OpenZeppelin Contracts’ Governor-related vulnerability (CVE-2023-34234) allows an attacker to frontrun the creation of a proposal, enabling the attacker to become the proposer and repeatedly cancel proposals. Affected: Governor (v4.9.0) and GovernorCompatibilityBravo (since v4.3.0). Root cause: l...
CVE-2023-30541 TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...
CVE-2023-30541 TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...
CVE-2022-31198
OpenZeppelin Contracts: GovernorVotesQuorumFraction vulnerability where lowering quorum could make past defeated proposals executable if votes meet the new quorum. Affected: GovernorVotesQuorumFraction-based governors in OpenZeppelin Contracts. Root cause: quorum is a percentage of total supply, ...
CVE-2022-31172
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...
Design/Logic Flaw
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...
CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...