10 matches found
CVE-2024-45304 OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...
CVE-2024-45304
CVE-2024-45304 affects Cairo-Contracts (OpenZeppelin Cairo contracts for StarkNet). The issue, described as an OwnableTwoStep flaw, lets a pending owner gain control after the original owner renounces ownership, enabling an unintended transfer of ownership. Root cause: a flaw in the two-step owne...
CVE-2023-23940
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. isvalidethsignature is missing a call to finalizekeccak after calling verifyethsignature. As a result, any contract using isvalidethsignature from the...
CVE-2023-23940 OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. isvalidethsignature is missing a call to finalizekeccak after calling verifyethsignature. As a result, any contract using isvalidethsignature from the...
CVE-2023-23940
OpenZeppelin Contracts for Cairo contains a vulnerability in the account library: is_valid_eth_signature does not call finalize_keccak after verify_eth_signature, allowing a malicious sequencer to bypass signature validation and impersonate accounts (e.g., EthAccount). The issue affects StarkNet/...
CVE-2023-23940 OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. isvalidethsignature is missing a call to finalizekeccak after calling verifyethsignature. As a result, any contract using isvalidethsignature from the...
CVE-2022-31153
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...
Design/Logic Flaw
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...
PYSEC-2022-43143
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...
CVE-2022-31153 OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...