You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello developers. We are utilizing some automated tools to detect potential dependency issues. If there are any inaccuracy, we would greatly appreciate your corrections and feedback.
We noticed that there is a known problem/bug in the contract libraries/NftCheck.sol. The NftCheck contract use solidity 0.8.6 and abi.decode. According to GHSA-qh9x-gcfh-pcrw, this contract may revert instead of returning false. The influenced functions are functions invoking _supportsInterface. It could be upgraded to the fixed version or the latest like the OZ library.
This issue may not directly cause security risks, but it can influence users by malicious data or someone who forked this repository. We known that possible fixes may have to be in the next major version. However, we hope that the security advisory could be in contract comments or documentation to facilitate users' understanding of potential issues and monitoring of actual behaviors.
The text was updated successfully, but these errors were encountered:
Hello developers. We are utilizing some automated tools to detect potential dependency issues. If there are any inaccuracy, we would greatly appreciate your corrections and feedback.
We noticed that there is a known problem/bug in the contract
libraries/NftCheck.sol. The NftCheck contract use solidity 0.8.6 andabi.decode. According to GHSA-qh9x-gcfh-pcrw, this contract may revert instead of returning false. The influenced functions are functions invoking_supportsInterface. It could be upgraded to the fixed version or the latest like the OZ library.This issue may not directly cause security risks, but it can influence users by malicious data or someone who forked this repository. We known that possible fixes may have to be in the next major version. However, we hope that the security advisory could be in contract comments or documentation to facilitate users' understanding of potential issues and monitoring of actual behaviors.
The text was updated successfully, but these errors were encountered: