CVE-2022-31172

Date: July 21, 2022

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. "SignatureChecker.isValidSignatureNow" is not expected to revert. However, an incorrect assumption about Solidity 0.8's "abi.decode" allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected. The contracts that may be affected are those that use "SignatureChecker" to check the validity of a signature and handle invalid signatures in a way other than reverting. The issue was patched in version 4.7.1.

Language: JS

Severity Score

Weakness Type (CWE)

CWE-347: Improper Verification of Cryptographic Signature

CWE-20: Improper Input Validation

Top Fix

Upgrade Version

Upgrade to version: @openzeppelin/contracts-upgradeable 4.7.1; @openzeppelin/contracts 4.7.1

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE
