logo

Database

Improper authorization control for web services In @openzeppelin/contracts

Description

OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning

Impact

By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all.

This impacts the Governor contract in v4.9.0 only, and the GovernorCompatibilityBravo contract since v4.3.0.

Patches

The problem has been patched in 4.9.1 by introducing opt-in frontrunning protection.

Workarounds

Submit the proposal creation transaction to an endpoint with frontrunning protection.

Credit

Reported by Lior Abadi and Joaquin Pereyra from Coinspect.

References

https://www.coinspect.com/openzeppelin-governor-dos/

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-342342. NVD-2023-342343. OSV-2023-342344. GHSA-5h3x-9wvq-w4m25. GCVE-2023-34234

References

1. https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-5h3x-9wvq-w4m22. https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/66f390fa516b550838e2c2f65132b5bc2afe1ced3. https://github.com/OpenZeppelin/openzeppelin-contracts/commit/d9474327a492f9f310f31bc53f38dbea56ed9a574. https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.