Home > Vulnerability Database > WS-2021-0423

Mend.io Vulnerability Database

WS-2021-0423

Date: August 19, 2025

When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of tokens in circulation.

Language: JS

Severity Score

6.5

Related Resources (4)

Url: https://github.com/OpenZeppelin/openzeppelin-contracts/commit/c9acfb3c238e2d8bbd1bbfacc97c8322f65ab82a

Url: https://github.com/OpenZeppelin/openzeppelin-contracts

Url: https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-wmpv-c2jp-j2xg

Url: https://www.mend.io/vulnerability-database/WS-2021-0423

Severity Score

6.5

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0423

Date: August 19, 2025

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?