20 matches found
EUVD-2021-1903
Malware in sbrugna...
EUVD-2021-1700
Malware in sbrugna...
CVE-2021-39167
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39168
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
Upgraded Q -> 2 from #320 [1699029580772]
Judge has assessed an item in Issue 320 as 2 risk. The relevant finding follows: 2. The governor setting not reliable The initial setting for the voting period in ODGovernor is 15 block, which can be too tight for the governance. Based on Arbitrum block time, which is about 0.26 seconds, which ca...
DAO proposals can be executed by anyone due to vulnerable TimelockController
Handle cmichel Vulnerability details Vulnerability Details The GovernorAlpha inherits from a vulnerable TimelockController. This TimelockController allows an EXECUTOR role to escalate privileges and also gain the proposer role. See details on OZ and the fix here. The bug is that executeBatch chec...
Reentrancy Bug in TimelockController.sol
Handle leastwood Vulnerability details Impact Notional's governance framework utilises a fork of Compound's Governor Alpha and ERC20 token. These are denoted specifically as the GovernorAlpha.sol and NoteERC20.sol contracts. However, the GovernorAlpha.sol has a key difference when compared to...
TimelockController vulnerability in OpenZeppelin Contracts
Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...
TimelockController vulnerability in OpenZeppelin Contracts
Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...
Privilege Escalation
@openzeppelin/contracts is vulnerable to privilege escalation. The vulnerability exists due to the lack of sanitization of roles in the TimelockController function which allowed an actor with executor role to escalate privileges...
CVE-2021-39168
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39168
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39167
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39167
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
Code injection
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
Code injection
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39167
OpenZeppelin Contracts TimelockController vulnerability (CVE-2021-39167) affects the TimelockController in OpenZeppelin’s smart contract library. The issue allows an actor with the executor role to escalate privileges, potentially gaining control over assets. Mitigation in public advisories recom...
CVE-2021-39167 TimelockController vulnerability in OpenZeppelin Contracts
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39168 TimelockController vulnerability in OpenZeppelin Contracts
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
CVE-2021-39168
OpenZeppelin's TimelockController vulnerability (OpenZeppelin Contracts) allows an actor with the executor role to escalate privileges. Affected: TimelockController in OpenZeppelin Contracts (readable as part of the OpenZeppelin Contracts library). Root cause: insufficient sanitization/controls a...