Lucene search
K

77 matches found

vulnersOsv
vulnersOsv
added 2025/07/17 9:19 p.m.16 views

@originalworks/protocol-core-contracts (>=0.0.4 <=0.0.8), @pendle/boros-core (>=1.0.0 <=1.0.6) +13 more potentially affected by CVE-2025-54070 via @openzeppelin/contracts-upgradeable (>=5.2.0 <=5.3.0)

@openzeppelin/contracts-upgradeable NPM version =5.2.0, =0.0.4, =1.0.0, =0.1.0, =0.4.27, =0.3.0, =0.5.3, =7.9.0-maine3c28f1, =3.0.0, =1.0.0-alpha.1, =0.3.0, =0.3.0, =0.3.2, =0.1.0, =0.1.0, =0.2.0, =0.3.2 Source cves: CVE-2025-54070 Source advisory: OSV:GHSA-9RCW-C2F9-2J55...

6.9CVSS5.7AI score0.00334EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/02/29 8:9 p.m.5 views

4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +432 more potentially affected by CVE-2024-27094 via @openzeppelin/contracts-upgradeable (>=4.5.0 <=4.9.5)

@openzeppelin/contracts-upgradeable NPM version =4.5.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =0.2.1-alpha, =0.2.1-beta2 and more Source cves: CVE-2024-27094 Source advisory: OSV:GHSA-9VX6-7XXF-X967...

7.4CVSS6.5AI score0.00763EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/02/29 8:9 p.m.7 views

@etherisc/gif-next (>=0.0.2-0a7d082-551 <=0.0.2-ff8087d-237), @ethsign/sign-protocol-evm (>=1.0.0 <=1.1.3) +9 more potentially affected by CVE-2024-27094 via @openzeppelin/contracts-upgradeable (>=5.0.0 <=5.0.1)

@openzeppelin/contracts-upgradeable NPM version =5.0.0, =0.0.2-0a7d082-551, =1.0.0, =2.5.5, =1.0.0, =1.0.0-beta-rc1, =0.0.1, =1.0.1, =0.1.0, =0.1.0-alpha.10 Source cves: CVE-2024-27094 Source advisory: OSV:GHSA-9VX6-7XXF-X967...

7.4CVSS6.5AI score0.00763EPSS
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.80 views

Use contracts-upgradeable instead of contract variants of OpenZeppelin

Lines of code Vulnerability details Impact OpenZeppelin’s contracts variants when used with upgradeability will result in negative impact on the overall contract functionality. Check this OpenZeppelin warning about mixing contract variants with upgradeable-contract. Proof of Concept Upgradeable...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.13 views

Updating safeManager reference in Vault721 will brick transfer of safes

Lines of code Vulnerability details Impact Updating safeManager reference in Vault721 will brick safe transfers since the state of the new ODSafeManager instance won't have corresponding data. In addition, it is not clear how it would be possible to achieve seamless migration as particular...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.7 views

XVSVault implementation cannot be upgraded due to lack of proper mechanism

Lines of code Vulnerability details Summary The XVSVault is expected to be upgradeable in context of xvs staked for claim to venus prime token. The XVSVault will be updated in the Prime.sol with the initializefunction. Impact The Prime.sol cannot be upgraded as clearly mentioned in the scoping...

7.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2023/08/11 7:0 p.m.6 views

4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +410 more potentially affected by CVE-2023-40014 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.9.2)

@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =0.2.1-alpha, =0.2.1-beta2 and more Source cves: CVE-2023-40014 Source advisory: OSV:GHSA-G4VP-M682-QQMP...

5.3CVSS6AI score0.00611EPSS
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.11 views

Consider Disabling Inherited _cancel Function In The Governor Contracts

Lines of code Vulnerability details Impact The currently used openzeppelin upgradeable contracts dependency @openzeppelin/contracts-upgradeable is v4.7.3 The security council management contracts are inheriting the openzeppelin GovernorUpgradeable contracts to manage proposals. This version of...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.11 views

onlyProxy MODIFIER CAN BE BYPASSED BY A MALICIOUS PROXY CONTRACT AND CAN PUSH THE IMPLEMENTATION CONTRACT INTO AN UNDESIRABLE STATE

Lines of code Vulnerability details Impact The Upgradeable.onlyProxy modifier is used to ensure that a function can only be called by the proxy and can not be directly called in the Upgradeable.sol contract. The onlyProxy modifier implementation is as follows: modifier onlyProxy // Prevent setup...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.6 views

Missing Storage Gap in Upgradeable Contract

Lines of code Vulnerability details Impact The current ERC721CheckpointableUpgradeable contract doesn't have any reserved storage gap. However, any logic contract that serves as a foundational contract and is expected to be inherited by other upgradable children should preserve a reasonable amoun...

6.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2023/06/19 7:46 p.m.6 views

4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +336 more potentially affected by CVE-2023-34459 via @openzeppelin/contracts-upgradeable (>=4.7.0 <=4.8.3)

@openzeppelin/contracts-upgradeable NPM version =4.7.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =3.1.0 - @abheektripathy/nftpass =1.1.0 and more Source cves: CVE-2023-34459 Source advisory:...

5.9CVSS6.2AI score0.00371EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/06/08 6:3 p.m.5 views

4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +375 more potentially affected by CVE-2023-34234 via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.8.3)

@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =0.2.1-alpha, =0.2.1-beta2 and more Source cves: CVE-2023-34234 Source advisory: OSV:GHSA-5H3X-9WVQ-W4M2...

5.3CVSS6AI score0.00595EPSS
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.10 views

State variables are initialized in an upgradeable contract + there is constructor

Lines of code Vulnerability details Impact Due to a requirement of the proxy-based upgradeability system, no constructors can be used in upgradeable contracts. State variables are initialized in an upgradeable contract Proof of Concept See -upgradeableavoid-initial-values-in-field-declarations...

6.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2023/04/20 2:11 p.m.7 views

4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +361 more potentially affected by CVE-2023-30542 via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.8.2)

@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =0.2.1-alpha, =0.2.1-beta2 and more Source cves: CVE-2023-30542 Source advisory: OSV:GHSA-93HQ-5WGC-JC82...

8.8CVSS7.2AI score0.00584EPSS
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.8 views

[H-06] Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF

Lines of code Vulnerability details Impact Position::withdraw is intended to allow the position owner to withdraw any ERC20 token which might have ended up at position address. If the collateral address is passed as argument then Position::withdrawCollateral is called to perform the necessary...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.15 views

Position.sol: usage of an incorrect version of Ownable library can potentially malfunction all onlyOwner functions

Lines of code Vulnerability details Impact // From https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol The current implementaion is using a non-upgradeable version of the Ownable library isnstead of the upgradeable version:...

6.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2023/04/17 4:45 p.m.5 views

4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +468 more potentially affected by CVE-2023-30541 via @openzeppelin/contracts-upgradeable (>=3.4.0 <=4.8.2)

@openzeppelin/contracts-upgradeable NPM version =3.4.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =0.0.1, =0.0.1, =4.0.0, =4.3.3 and more Source cves: CVE-2023-30541 Source advisory: OSV:GHSA-MX2Q-35M2-X2RH...

5.3CVSS6AI score0.00812EPSS
Exploits0
Code423n4
Code423n4
added 2023/03/10 12:0 a.m.9 views

MerkleMinter created through TokenFactory cannot be upgraded

Lines of code Vulnerability details Impact During the token creation process in the TokenFactory contract, the function creates a MerkleMinter contract to setup and handle token initial token distribution. ... // Clone and initialize a MerkleMinter address merkleMinter = merkleMinterBase.clone;...

7.1AI score
Exploits0
vulnersOsv
vulnersOsv
added 2023/03/03 8:2 p.m.6 views

@aragon/core-contracts (>=0.7.0-alpha <=0.8.0-alpha), @aragon/osx (>=1.2.0 <=1.3.0-rc0.4) +42 more potentially affected by CVE-2023-26488 via @openzeppelin/contracts-upgradeable (>=4.8.0 <=4.8.1)

@openzeppelin/contracts-upgradeable NPM version =4.8.0, =0.7.0-alpha, =1.2.0, =0.0.1, =0.0.1, =0.0.1, =1.0.4, =2.0.0, =1.0.1, =1.0.15, =1.0.27, =1.0.16, =1.0.29 and more Source cves: CVE-2023-26488 Source advisory: OSV:GHSA-878M-3G6Q-594Q...

6.5CVSS6.5AI score0.00713EPSS
Exploits0
Code423n4
Code423n4
added 2023/02/12 12:0 a.m.9 views

Upgraded Q -> 2 from #59 [1676219064442]

Judge has assessed an item in Issue 59 as 2 risk. The relevant finding follows: L-06 Upgradeable contract is missing a gap50 storage variable to allow for new storage variables in later versions --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Rows per page
Query Builder