OpenZeppelin · OpenZeppelin Contracts · CVE-2023-34234
**Name of the Vulnerable Software and Affected Versions**
OpenZeppelin Contracts versions 4.3.0 through 4.9.0
**Description**
By frontrunning a proposal's creation, an attacker can become the proposer and gain the ability to cancel the proposal. This can be done repeatedly to prevent a proposal from being proposed. The estimated number of potentially affected devices is not provided.
**Recommendations**
For versions 4.3.0 through 4.9.0, upgrade to version 4.9.1, which patches the issue by introducing opt-in frontrunning protection.
Users unable to upgrade can, as a workaround, submit the proposal creation transaction to an endpoint with frontrunning protection.
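
Because the 4.9.1 protection is opt-in, upgrading alone does not protect a proposal. The following is an added example, not part of the advisory and not OpenZeppelin's code: a Python model of that protection, assuming the description-suffix convention of the 4.9.1 Governor (`#proposer=0x` followed by the proposer's 40 hex digits at the very end of the description). The function names and sample addresses are constructed for illustration.

```python
import re

MARKER = "#proposer=0x"           # assumed suffix marker (4.9.1 opt-in convention)
SUFFIX_LEN = len(MARKER) + 40     # marker + 20-byte address in hex = 52 chars
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def with_proposer_suffix(description, proposer):
    """Bind a proposal description to one proposer by appending the suffix."""
    if not ADDRESS_RE.fullmatch(proposer):
        raise ValueError("proposer must be 0x followed by 40 hex digits")
    return description + MARKER + proposer[2:]

def restricted_proposer(description):
    """Return the address a well-formed suffix names, or None if unrestricted."""
    tail = description[-SUFFIX_LEN:]
    if len(tail) < SUFFIX_LEN or not tail.startswith(MARKER):
        return None
    candidate = "0x" + tail[len(MARKER):]
    # A suffix with a non-hex character is treated as no suffix at all,
    # so a typo silently leaves the proposal unprotected.
    return candidate.lower() if ADDRESS_RE.fullmatch(candidate) else None

def may_propose(sender, description):
    """Model of the check: anyone may propose unless a suffix names someone else."""
    bound = restricted_proposer(description)
    return bound is None or bound == sender.lower()

def presubmit_findings(sender, description):
    """Checks a proposer can run locally before broadcasting the transaction."""
    bound = restricted_proposer(description)
    if bound is None:
        return ["no valid proposer suffix: creation can be frontrun"]
    if bound != sender.lower():
        return ["suffix names another address: this sender would be rejected"]
    return []

# Constructed sample addresses, not real accounts.
ALICE = "0x" + "aA" * 20
MALLORY = "0x" + "0b" * 20

if __name__ == "__main__":
    protected = with_proposer_suffix("Raise quorum to 5%", ALICE)
    for who in (ALICE, MALLORY):
        print(who, may_propose(who, protected), presubmit_findings(who, protected))
    print(presubmit_findings(ALICE, "Raise quorum to 5%"))
```

Running `presubmit_findings` in the proposal tooling catches the two failure cases before broadcast: a description with no valid suffix, and a suffix that names a different sender.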