PT-2022-20584 · Openzeppelin · Openzeppelin Contracts

Frangio

·

Published

2022-07-21

·

Updated

2022-08-01

·

CVE-2022-31170

CVSS v3.1

7.5

High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

OpenZeppelin Contracts versions 4.0.0 through 4.7.1

Description

The ERC165Checker library in OpenZeppelin Contracts may revert instead of returning false under certain conditions. Specifically, this happens when a target contract does not implement EIP-165 as expected and its supportsInterface call returns a value other than 0 or 1. The contracts that may be affected are those that use ERC165Checker to check for support of an interface and then handle the lack of support in a way other than reverting.

Recommendations

For versions 4.0.0 through 4.7.1, update to version 4.7.1 to resolve the issue. As a temporary workaround, consider modifying the contract to handle the lack of support in a way that does not rely on the return value of ERC165Checker.supportsInterface. Restrict access to the ERC165Checker function to minimize the risk of exploitation until the issue is resolved.
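Added illustration (not OpenZeppelin's code, and not the library's exact fix) of the failure mode described above: a constructed target whose supportsInterface answers with the word 2, a naive checker that ABI-decodes that word as a bool and therefore reverts, and a tolerant checker that reads the raw return word and reports false instead. The 30000 gas stipend and the ERC-721 interface id used in Demo are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// Constructed misbehaving target: same selector as EIP-165's
// supportsInterface(bytes4), but the return word is neither 0 nor 1.
contract OddResponder {
    function supportsInterface(bytes4) external pure returns (uint256) {
        return 2;
    }
}

library NaiveChecker {
    // ABI-decoding the reply as bool: the 0.8 decoder validates the word
    // and reverts when it is not 0 or 1, so the caller never sees "false".
    function supportsInterface(address account, bytes4 id) internal view returns (bool) {
        bytes memory data = abi.encodeWithSelector(IERC165.supportsInterface.selector, id);
        (bool ok, bytes memory ret) = account.staticcall{gas: 30000}(data);
        if (!ok || ret.length < 32) return false;
        return abi.decode(ret, (bool)); // reverts when the word is 2
    }
}

library TolerantChecker {
    // Reads the raw return word and treats anything other than exactly 1
    // as "unsupported", so a malformed reply cannot revert the caller.
    function supportsInterface(address account, bytes4 id) internal view returns (bool) {
        bytes memory data = abi.encodeWithSelector(IERC165.supportsInterface.selector, id);
        bool ok;
        uint256 size;
        uint256 word;
        assembly {
            ok := staticcall(30000, account, add(data, 0x20), mload(data), 0, 0x20)
            size := returndatasize()
            word := mload(0)
        }
        return ok && size >= 32 && word == 1;
    }
}

contract Demo {
    address public target;
    constructor() { target = address(new OddResponder()); }
    // Reverts for the OddResponder target.
    function naive() external view returns (bool) { return NaiveChecker.supportsInterface(target, 0x80ac58cd); }
    // Returns false for the same target.
    function tolerant() external view returns (bool) { return TolerantChecker.supportsInterface(target, 0x80ac58cd); }
}
```

A caller that branches on a false result (for example, falling back to a plain transfer when ERC-721 receiver support is absent) only reaches that branch with the tolerant variant; with the naive one the whole transaction reverts.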

Exploit

Fix

Unchecked Return Value

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-31170
GHSA-QH9X-GCFH-PCRW

Affected Products

Openzeppelin Contracts