Contracts Upgradeable Security Vulnerabilities and Issues — Contracts Upgradeable CVE List

Lucene search

OpenzeppelinContracts Upgradeable

4 matches found

CVE•added 2022/08/01 9:15 p.m.•65 views

CVE-2022-35915

OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7...

5.3CVSS5.1AI score0.00403EPSS

CVE•added 2022/08/01 9:15 p.m.•58 views

CVE-2022-35916

OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not st...

5.3CVSS5.1AI score0.00337EPSS

CVE•added 2022/08/15 11:21 a.m.•58 views

CVE-2022-35961

OpenZeppelin Contracts is a library for secure smart contract development. The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue ...

7.9CVSS6.8AI score0.00018EPSS

CVE•added 2022/08/01 9:15 p.m.•52 views

CVE-2022-31198

OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a pro...

7.5CVSS7.4AI score0.0039EPSS