Latest openzeppelin contracts Vulnerabilities

Duplicated execution of subcalls in OpenZeppelin Contracts
npm/@openzeppelin/contracts-upgradeable=4.9.4
npm/@openzeppelin/contracts=4.9.4
Openzeppelin Contracts=4.9.4
Openzeppelin Contracts Upgradeable=4.9.4
OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `processMultiPr...
Openzeppelin Contracts>=4.7.0<4.9.2
Openzeppelin Contracts Upgradeable>=4.7.0<4.9.2
npm/@openzeppelin/contracts-upgradeable>=4.7.0<4.9.2
npm/@openzeppelin/contracts>=4.7.0<4.9.2
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. ...
Openzeppelin Contracts>=3.2.0<4.8.3
Openzeppelin Contracts Upgradeable>=3.2.0<4.8.3
npm/@openzeppelin/contracts-upgradeable>=3.2.0<4.8.3
npm/@openzeppelin/contracts>=3.2.0<4.8.3
Openzeppelin Contracts>=4.3.0<4.8.3
Openzeppelin Contracts Upgradeable>=4.3.0<4.8.3
OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and cons...
Openzeppelin Contracts>=4.8.0<4.8.2
Openzeppelin Contracts Upgradeable>=4.8.0<4.8.2
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_ke...
Openzeppelin Contracts>=0.2.0<0.6.1
OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separately from contract creation (the most promin...
Openzeppelin Contracts>=3.2.0<4.4.1
Openzeppelin Contracts Upgradeable>=3.2.0<4.4.1
OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-...
Openzeppelin Contracts>=4.1.0<4.7.3
Openzeppelin Contracts Upgradeable>=4.1.0<4.7.3
OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify di...
Openzeppelin Contracts>=4.6.0<4.7.2
Openzeppelin Contracts Upgradeable>=4.6.0<4.7.2
OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quor...
Openzeppelin Contracts>=4.3.0<4.7.2
Openzeppelin Contracts Upgradeable>=4.3.0<4.7.2
Impact: The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded ...
Openzeppelin Contracts>=2.0.0<4.7.2
Openzeppelin Contracts Upgradeable>=3.2.0<4.7.2
Openzeppelin Openzeppelin-eth>=2.0.0
Openzeppelin Openzeppelin-solidity>=2.0.0
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. `SignatureChecker.isValidSignatureNow` is not expected ...
Openzeppelin Contracts>=4.1.0<4.7.1
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface`...
Openzeppelin Contracts>=4.0.0<4.7.1
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts ...
Openzeppelin Contracts=0.2.0
OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementa...
Openzeppelin Contracts>=4.1.0<4.3.2
OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details abou...
Openzeppelin Contracts>=3.3.0<3.4.2
Openzeppelin Contracts>=4.0.0<4.3.1
OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details abou...
Openzeppelin Contracts>=3.3.0<3.4.2
Openzeppelin Contracts>=4.0.0<4.3.1
