VYPR

Openzeppelin Contracts

by Openzeppelin

Source repositories

CVEs (22)

  • CVE-2018-13542HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2025-54070MedJul 17, 2025
    risk 0.38cvss epss 0.00

    OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the `lastIndexOf(bytes,byte,uint256)` function of the `Bytes.sol` library may access uninitialized memory when the following two conditions hold: 1)…

  • CVE-2024-45304Aug 30, 2024
    risk 0.00cvss epss 0.00

    Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk…

  • CVE-2024-27094Feb 29, 2024
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the…

  • CVE-2023-49798Dec 8, 2023
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4…

  • CVE-2023-40014Aug 10, 2023
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the…

  • CVE-2023-34459Jun 16, 2023
    risk 0.00cvss epss 0.00

    OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `procesprocessMultiProof`, or `processMultiProofCalldat` functions are in use, it is possible to…

  • CVE-2023-34234Jun 7, 2023
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all.…

  • CVE-2023-30541Apr 17, 2023
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with…

  • CVE-2023-30542Apr 16, 2023
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional…

  • CVE-2023-26488Mar 3, 2023
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token…

  • CVE-2022-39384Nov 4, 2022
    risk 0.00cvss epss 0.00

    OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted…

  • CVE-2022-35961Aug 14, 2022
    risk 0.00cvss epss 0.00

    OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature…

  • CVE-2022-35915Aug 1, 2022
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue…

  • CVE-2022-35916Aug 1, 2022
    risk 0.00cvss epss 0.00

    OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls,…

  • CVE-2022-31198Aug 1, 2022
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected…

  • CVE-2022-31170Jul 21, 2022
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully return a boolean, and under no circumstance…

  • CVE-2022-31172Jul 21, 2022
    risk 0.00cvss epss 0.00

    OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. `SignatureChecker.isValidSignatureNow` is not expected to revert. However, an incorrect assumption about Solidity 0.8's `abi.decode`…

  • CVE-2021-46320Feb 4, 2022
    risk 0.00cvss epss 0.01

    In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be…

  • CVE-2021-41264Nov 12, 2021
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts`…

Page 1 of 2