Contracts Upgradeable Security Vulnerabilities and Issues — Contracts Upgradeable CVE List

Lucene search

OpenzeppelinContracts Upgradeable

3 matches found

CVE•added 2022/08/15 11:21 a.m.•58 views

CVE-2022-35961

OpenZeppelin Contracts is a library for secure smart contract development. The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue ...

7.9CVSS6.8AI score0.00018EPSS

CVE•added 2022/08/01 9:15 p.m.•52 views

CVE-2022-31198

OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a pro...

7.5CVSS7.4AI score0.00106EPSS

CVE•added 2023/12/09 12:15 a.m.•36 views

CVE-2023-49798

OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/[email protected] and @openzeppelin/[email protected], all subcalls are execu...

7.5CVSS6.5AI score0.00376EPSS