Описание
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Impact
The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost.
Patches
The issue has been fixed in v4.7.2.
References
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587
For more information
If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at security@openzeppelin.com.
Пакеты
@openzeppelin/contracts
>= 2.0.0, < 4.7.2
4.7.2
openzeppelin-solidity
>= 2.0.0, <= 4.6.0
Отсутствует
@openzeppelin/contracts-upgradeable
>= 3.2.0, < 4.7.2
4.7.2
openzeppelin-eth
>= 2.0.0, <= 2.2.0
Отсутствует
Связанные уязвимости
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.