
We found results for “”
CVE-2022-31172
Good to know:

Date: July 21, 2022
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. "SignatureChecker.isValidSignatureNow" is not expected to revert. However, an incorrect assumption about Solidity 0.8's "abi.decode" allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected. The contracts that may be affected are those that use "SignatureChecker" to check the validity of a signature and handle invalid signatures in a way other than reverting. The issue was patched in version 4.7.1.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version @openzeppelin/contracts-upgradeable - 4.7.1;@openzeppelin/contracts - 4.7.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | HIGH |
Availability (A): | NONE |