CVE-2023-34234

Name of the Vulnerable Software and Affected Versions OpenZeppelin Contracts versions 4.3.0 through 4.9.0

Description The issue allows an attacker to become the proposer and gain the ability to cancel a proposal by frontrunning its creation. This can be done repeatedly to prevent a proposal from being proposed. The estimated number of potentially affected devices is not provided.

Recommendations For versions 4.3.0 through 4.9.0, upgrade to version 4.9.1 to patch the issue by introducing opt-in frontrunning protection. For users unable to upgrade, submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround.