Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-30543

Good to know:

icon
icon

Date: April 17, 2023

@web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

https://github.com/Uniswap/web3-react/pull/749
https://nvd.nist.gov/vuln/detail/CVE-2023-30543
https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g
https://www.mend.io/vulnerability-database/CVE-2023-30543

Severity Score

Weakness Type (CWE)

Race Conditions

CWE-362

Top Fix

icon

Upgrade Version

Upgrade to version @web3-react/coinbase-wallet - 8.0.35-beta.0, @web3-react/eip1193 - 8.0.27-beta, @web3-react/metamask - 8.0.30-beta.0, @web3-react/walletconnect - 8.0.37-beta.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us