
10 matches found

Vulnrichment
added 2024/08/30 11:51 p.m., 14 views

CVE-2024-45304 OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts

Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...

CVSS 5.3, AI score 7.3, EPSS 0.00479
Exploits 0, References 3
CVE
added 2024/08/30 11:51 p.m., 51 views

CVE-2024-45304

CVE-2024-45304 affects Cairo-Contracts (OpenZeppelin Cairo contracts for StarkNet). The issue, described as an OwnableTwoStep flaw, lets a pending owner gain control after the original owner renounces ownership, enabling an unintended transfer of ownership. Root cause: a flaw in the two-step owne...

CVSS 6.5, AI score 5.7, EPSS 0.00479
Exploits 0, References 3, Affected Software 1
NVD
added 2023/02/03 8:15 p.m., 21 views

CVE-2023-23940

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...

CVSS 6.4, AI score 6.3, EPSS 0.0022
Exploits 0, References 2
Cvelist
added 2023/02/03 7:43 p.m., 19 views

CVE-2023-23940 OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...

CVSS 6.4, AI score 6.6, EPSS 0.0022
Exploits 0, References 2
CVE
added 2023/02/03 7:43 p.m., 72 views

CVE-2023-23940

OpenZeppelin Contracts for Cairo contains a vulnerability in the account library: is_valid_eth_signature does not call finalize_keccak after verify_eth_signature, allowing a malicious sequencer to bypass signature validation and impersonate accounts (e.g., EthAccount). The issue affects StarkNet/...

CVSS 6.4, AI score 5.4, EPSS 0.0022
Exploits 0, References 2, Affected Software 1
OSV
added 2023/02/03 7:43 p.m., 17 views

CVE-2023-23940 OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...

CVSS 6.4, AI score 5.5, EPSS 0.0022
Exploits 0, References 4
NVD
added 2022/07/15 6:15 p.m., 15 views

CVE-2022-31153

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...

CVSS 6.5, EPSS 0.01115
Exploits 1, References 6
Prion
added 2022/07/15 6:15 p.m., 13 views

Design/Logic Flaw

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...

CVSS 4, AI score 6.4, EPSS 0.01115
Exploits 1, References 6, Affected Software 1
OSV
added 2022/07/15 6:15 p.m., 4 views

PYSEC-2022-43143

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...

CVSS 6.5, AI score 7
Exploits 0, References 6
OSV
added 2022/07/15 5:50 p.m., 19 views

CVE-2022-31153 OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...

CVSS 6.5, AI score 6.3, EPSS 0.01115
Exploits 1, References 8