VYPR
Moderate severityNVD Advisory· Published Aug 1, 2022· Updated Apr 23, 2025

Unbounded gas consumption in @openzeppelin/contracts

CVE-2022-35915

Description

OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
@openzeppelin/contractsnpm
>= 2.0.0, < 4.7.24.7.2
openzeppelin-soliditynpm
>= 2.0.0, <= 4.6.0
@openzeppelin/contracts-upgradeablenpm
>= 3.2.0, < 4.7.24.7.2
openzeppelin-ethnpm
>= 2.0.0, <= 2.2.0

Affected products

5

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.