Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-31153

Good to know:

icon

Date: July 15, 2022

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and ethereum flavors) in the v0.2.0 release of OpenZeppelin Contracts for Cairo, which are not whitelisted on StarkNet mainnet. Only goerli deployments of v0.2.0 accounts are affected. This faulty behavior is not observed in StarkNet's testing framework. This bug has been patched in v0.2.1.

Language: Python

Severity Score

Related Resources (8)

https://github.com/OpenZeppelin/cairo-contracts/commit/2cd60279c3332285d47edf9ee3888b71257acdc9
https://nvd.nist.gov/vuln/detail/CVE-2022-31153
https://github.com/OpenZeppelin/cairo-contracts/issues/386
https://github.com/OpenZeppelin/cairo-contracts/blob/release-0.2.0/src/openzeppelin/account/library.cairo#L203
https://github.com/OpenZeppelin/cairo-contracts/releases/tag/v0.2.1
https://github.com/OpenZeppelin/cairo-contracts/security/advisories/GHSA-8mjr-jr5h-q2xr
https://github.com/OpenZeppelin/cairo-contracts/pull/387
https://www.mend.io/vulnerability-database/CVE-2022-31153

Severity Score

Weakness Type (CWE)

Improper Control of a Resource Through its Lifetime

CWE-664

Incorrect Authorization

CWE-863

Top Fix

icon

Upgrade Version

Upgrade to version openzeppelin-cairo-contracts - 0.2.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us