logo

Database

Inappropriate coding practices In @openzeppelin/contracts

Description

OpenZeppelin Contracts contains Incorrect Calculation

Impact

The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by balanceOf.

The issue exclusively presents with batches of size 1.

Patches

The issue has been patched in 4.8.2.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-264882. NVD-2023-264883. OSV-2023-264884. GHSA-878m-3g6q-594q5. GCVE-2023-26488

References

1. https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-878m-3g6q-594q2. https://github.com/OpenZeppelin/openzeppelin-contracts/commit/167bf67ed3907f4a674043496019fa346cee77053. https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.8.2

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.