Contracts Security Vulnerabilities and Issues — Contracts CVE List

Lucene search

OpenzeppelinContracts

7 matches found

CVE•added 2023/06/16 11:15 p.m.•71 views

CVE-2023-34459

OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, procesprocessMultiProof, or processMultiProofCalldat functions are in use, it is possible to construct merkle trees that all...

5.9CVSS5.3AI score0.00632EPSS

CVE•added 2023/02/03 8:15 p.m.•61 views

CVE-2023-23940

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from t...

6.4CVSS5.4AI score0.00007EPSS

CVE•added 2023/03/03 10:15 p.m.•51 views

CVE-2023-26488

OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balan...

6.5CVSS6.6AI score0.00075EPSS

CVE•added 2023/04/17 10:15 p.m.•48 views

CVE-2023-30541

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, th...

5.3CVSS5.1AI score0.00105EPSS

CVE•added 2023/04/16 8:15 a.m.•46 views

CVE-2023-30542

OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (propose) in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be igno...

8.8CVSS7.7AI score0.00175EPSS

CVE•added 2023/12/09 12:15 a.m.•36 views

CVE-2023-49798

OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/[email protected] and @openzeppelin/[email protected], all subcalls are execu...

7.5CVSS6.5AI score0.00376EPSS

CVE•added 2023/06/07 6:15 p.m.•34 views

CVE-2023-34234

OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the Govern...

5.3CVSS5.2AI score0.00081EPSS