@openzeppelin/contracts
18 known vulnerabilities · 2 critical · 5 high
OpenZeppelin Contracts initializer reentrancy may lead to double initialization
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
TimelockController vulnerability in OpenZeppelin Contracts
OpenZeppelin Contracts vulnerable to ECDSA signature malleability
OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
UUPSUpgradeable vulnerability in @openzeppelin/contracts
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning