CVE-2022-35915
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.
| Software | From | Fixed in |
|---|---|---|
| openzeppelin / openzeppelin-solidity | 2.0.0 | 2.0.0.x |
| openzeppelin / contracts | 2.0.0 | 4.7.2 |
| openzeppelin / openzeppelin-eth | 2.0.0 | 2.0.0.x |
| openzeppelin / contracts_upgradeable | 3.2.0 | 4.7.2 |
@openzeppelin / contracts
|
2.0.0 | 4.7.2 |
|
openzeppelin-solidity
|
2.0.0 | 4.6.0.x |
|
@openzeppelin / contracts-upgradeable
|
3.2.0 | 4.7.2 |
|
openzeppelin-eth
|
2.0.0 | 2.2.0.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime