PT-2022-20568 · Openzeppelin · Openzeppelin Contracts For Cairo

Martriay · Published 2022-07-15 · Updated 2022-07-22 · CVE-2022-31153

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenZeppelin Contracts for Cairo version 0.2.0

Description

The issue affects all accounts in the v0.2.0 release of OpenZeppelin Contracts for Cairo that are not whitelisted on StarkNet mainnet, rendering them unusable on live networks. Only goerli deployments of v0.2.0 accounts are affected. This faulty behavior is not observed in StarkNet's testing framework. The bug has been patched in v0.2.1.

Recommendations

For version 0.2.0, update to version 0.2.1 to resolve the issue.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2022-31153
GHSA-8MJR-JR5H-Q2XR

Affected Products

Openzeppelin Contracts For Cairo