Contracts@4.1.0 Security Vulnerabilities and Issues — Contracts@4.1.0 CVE List

Lucene search

OpenzeppelinContracts4.1.0

3 matches found

CVE•added 2022/07/22 4:15 a.m.•76 views

CVE-2022-31172

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to reve...

7.5CVSS7.4AI score0.00108EPSS

CVE•added 2022/08/15 11:21 a.m.•59 views

CVE-2022-35961

OpenZeppelin Contracts is a library for secure smart contract development. The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue ...

7.9CVSS6.8AI score0.00127EPSS

CVE•added 2021/11/12 6:15 p.m.•48 views

CVE-2021-41264

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of @openzeppelin/contracts and @openzeppelin/contr...

9.8CVSS9.4AI score0.00641EPSS