PT-2023-20679 · Openzeppelin · Openzeppelin Contracts

Frangio · Published 2023-03-03 · Updated 2023-03-10 · CVE-2023-26488

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions prior to 4.8.2

Description: The ERC721Consecutive contract, designed for minting NFTs in batches, does not update balances when a batch has size 1, that is, when it consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by balanceOf. The issue presents exclusively with batches of size 1.

Recommendations: For versions prior to 4.8.2, update to version 4.8.2 to resolve the issue. As a temporary workaround, consider restricting the use of the ERC721Consecutive contract for batches of size 1 until the update is applied.

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2023-26488
GHSA-878M-3G6Q-594Q

Affected Products

Openzeppelin Contracts