PT-2023-31356 · Openzeppelin · @Openzeppelin/Contracts-Upgradeable+1

Amxx · Published 2023-12-08 · Updated 2023-12-13 · CVE-2023-49798

CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
@openzeppelin/contracts version 4.9.4
@openzeppelin/contracts-upgradeable version 4.9.4

Description
A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication in the Multicall.sol file. As a result, every subcall made through multicall is executed twice, exposing users to unintentionally duplicated operations such as asset transfers.

Recommendations
For @openzeppelin/contracts version 4.9.4, upgrade to version 4.9.5 to resolve the issue. For @openzeppelin/contracts-upgradeable version 4.9.4, upgrade to version 4.9.5 to resolve the issue. As a temporary workaround, consider restricting the use of the Multicall.sol file until a patch is applied.
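As an added illustration, not OpenZeppelin's code and not part of this advisory, the following Foundry test shows the regression check a project that batches calls through a Multicall-style helper can keep in its own suite to catch the defect class described above (each subcall dispatched twice). It assumes forge-std is available; the contract names, the `bump()` subcall and the `executed` counter are assumptions made for the example. The double-dispatch batcher reproduces the duplicated-line pattern, the single-dispatch batcher is the expected behaviour, and the test pins the number of executed subcall bodies to the number of payloads passed in.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Shared plumbing (assumed for this example): a storage counter that every
// subcall increments, and the delegatecall dispatch used by both batchers.
abstract contract BatcherBase {
    uint256 public executed; // how many subcall bodies actually ran

    function bump() external {
        executed += 1;
    }

    function _dispatch(bytes calldata payload) internal returns (bytes memory) {
        (bool ok, bytes memory ret) = address(this).delegatecall(payload);
        require(ok, "subcall failed");
        return ret;
    }
}

// Reproduces the defect class from the advisory: the dispatch line appears
// twice in the loop body, so each payload is executed twice.
contract DoubleDispatchBatcher is BatcherBase {
    function multicall(bytes[] calldata data) external returns (bytes[] memory results) {
        results = new bytes[](data.length);
        for (uint256 i = 0; i < data.length; i++) {
            results[i] = _dispatch(data[i]);
            results[i] = _dispatch(data[i]); // duplicated line
        }
    }
}

// Expected behaviour: each payload is dispatched exactly once.
contract SingleDispatchBatcher is BatcherBase {
    function multicall(bytes[] calldata data) external returns (bytes[] memory results) {
        results = new bytes[](data.length);
        for (uint256 i = 0; i < data.length; i++) {
            results[i] = _dispatch(data[i]);
        }
    }
}

// Regression test: the number of executed subcall bodies must equal the
// number of payloads handed to multicall. Run with `forge test`.
contract MulticallDispatchCountTest is Test {
    function _payloads(uint256 n) internal pure returns (bytes[] memory data) {
        data = new bytes[](n);
        for (uint256 i = 0; i < n; i++) {
            data[i] = abi.encodeWithSignature("bump()");
        }
    }

    function testSingleDispatchRunsEachSubcallOnce() public {
        SingleDispatchBatcher b = new SingleDispatchBatcher();
        bytes[] memory results = b.multicall(_payloads(3));
        assertEq(results.length, 3);
        assertEq(b.executed(), 3);
    }

    function testDoubleDispatchRunsEachSubcallTwice() public {
        DoubleDispatchBatcher b = new DoubleDispatchBatcher();
        b.multicall(_payloads(3));
        // Documents the defect: 3 payloads, 6 executions.
        assertEq(b.executed(), 6);
    }
}
```

Pointing the first test at the batcher your project actually deploys (instead of `SingleDispatchBatcher`) turns it into a dependency check: if a library upgrade reintroduces a double dispatch, the counter comes back at twice the payload count and the test fails before the change ships.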


Related Identifiers

CVE-2023-49798
GHSA-699G-Q6QH-Q4V8

Affected Products

Openzeppelin Contracts
@Openzeppelin/Contracts-Upgradeable