Описание
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and ethereum flavors) in the v0.2.0 release of OpenZeppelin Contracts for Cairo, which are not whitelisted on StarkNet mainnet. Only goerli deployments of v0.2.0 accounts are affected. This faulty behavior is not observed in StarkNet's testing framework. This bug has been patched in v0.2.1.
Ссылки
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:openzeppelin:contracts:0.2.0:*:*:*:*:cairo:*:*
EPSS
Процентиль: 78%
0.01109
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-664
CWE-863
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
EPSS
Процентиль: 78%
0.01109
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-664
CWE-863