4 matches found
Offchain name resolution would fail despite the located DNS resolver being fully functional
Description: In OffchainDNSResolver, resolveCallback parses resource records received off-chain and extracts the DNS resolver address: // Look for a valid ENS-DNS TXT record (address dnsresolver, bytes memory context) = parseRR(iter.data, iter.rdataOffset,...
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Impact The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. Patches The issue has been fixed in v4.7.2. References...
Denial Of Service (DoS)
OpenZeppelin is vulnerable to denial of service (DoS) attacks. A malicious user is able to use a target contract of an EIP-165 supportsInterface query to cause unbounded resource consumption by returning a lot of data, causing the application to crash...
CVE-2022-35915
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in...