OpenZeppelin Known Vulnerabilities

Find the version that the project you currently develop or audit uses and quickly check which are the known smart contract security vulnerabilities that may affect your code.

Source: https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories
Repository: https://github.com/OpenZeppelin/openzeppelin-contracts

5.0.0 (0)

• none

4.9.3 (0)

• none

4.9.2 (1)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender

4.9.1 (2)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

4.9.0 (3)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
• Governor proposal creation may be blocked by frontrunning

4.8.3 (3)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
• Governor proposal creation may be blocked by frontrunning

4.8.2 (5)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata

4.8.1 (6)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ERC721Consecutive incorrect balance update with batch of 1

4.8.0 (6)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ERC721Consecutive incorrect balance update with batch of 1

4.7.3 (5)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata

4.7.2 (6)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability

4.7.1 (9)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption

4.7.0 (11)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false

4.6.0 (10)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false

4.5.0 (9)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false

4.4.2 (9)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false

4.4.1 (10)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false
• GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior

4.4.0 (11)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false
• GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
• Initializer reentrancy may lead to double initialization

4.3.3 (11)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false
• GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
• Initializer reentrancy may lead to double initialization

4.3.2 (13)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false
• GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
• Initializer reentrancy may lead to double initialization
• ERC1155Supply vulnerability in OpenZeppelin Contracts

4.3.1 (14)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false
• GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
• Initializer reentrancy may lead to double initialization
• ERC1155Supply vulnerability in OpenZeppelin Contracts
• UUPSUpgradeable vulnerability in OpenZeppelin Contracts

4.3.0 (14)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• Governor proposal creation may be blocked by frontrunning
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• GovernorCompatibilityBravo may trim proposal calldata
• ECDSA signature malleability
• GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false
• GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
• Initializer reentrancy may lead to double initialization
• ERC1155Supply vulnerability in OpenZeppelin Contracts
• UUPSUpgradeable vulnerability in OpenZeppelin Contracts
• TimelockController vulnerability in OpenZeppelin Contracts

4.2.0 (10)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ECDSA signature malleability
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false
• Initializer reentrancy may lead to double initialization
• ERC1155Supply vulnerability in OpenZeppelin Contracts
• UUPSUpgradeable vulnerability in OpenZeppelin Contracts
• TimelockController vulnerability in OpenZeppelin Contracts

4.1.0 (9)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ECDSA signature malleability
• ERC165Checker unbounded gas consumption
• SignatureChecker may revert on invalid EIP-1271 signers
• ERC165Checker may revert instead of returning false
• Initializer reentrancy may lead to double initialization
• UUPSUpgradeable vulnerability in OpenZeppelin Contracts
• TimelockController vulnerability in OpenZeppelin Contracts

4.0.0 (6)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ERC165Checker unbounded gas consumption
• ERC165Checker may revert instead of returning false
• Initializer reentrancy may lead to double initialization
• TimelockController vulnerability in OpenZeppelin Contracts

4.0.0-rc.0 (6)

• ERC2771Context with custom forwarder may lead to zero-valued _msgSender
• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ERC165Checker unbounded gas consumption
• ERC165Checker may revert instead of returning false
• Initializer reentrancy may lead to double initialization
• TimelockController vulnerability in OpenZeppelin Contracts

3.4.2 (3)

• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ERC165Checker unbounded gas consumption
• Initializer reentrancy may lead to double initialization

3.4.1 (4)

• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ERC165Checker unbounded gas consumption
• Initializer reentrancy may lead to double initialization
• TimelockController vulnerability in OpenZeppelin Contracts

3.4.0 (4)

• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ERC165Checker unbounded gas consumption
• Initializer reentrancy may lead to double initialization
• TimelockController vulnerability in OpenZeppelin Contracts

3.3.0 (4)

• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ERC165Checker unbounded gas consumption
• Initializer reentrancy may lead to double initialization
• TimelockController vulnerability in OpenZeppelin Contracts

3.2.2 (3)

• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ERC165Checker unbounded gas consumption
• Initializer reentrancy may lead to double initialization

3.2.1 (3)

• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ERC165Checker unbounded gas consumption
• Initializer reentrancy may lead to double initialization

3.2.0 (3)

• TransparentUpgradeableProxy clashing selector calls may not be delegated
• ERC165Checker unbounded gas consumption
• Initializer reentrancy may lead to double initialization

3.1.0 (1)

• ERC165Checker unbounded gas consumption

3.0.2 (1)

• ERC165Checker unbounded gas consumption

3.0.1 (1)

• ERC165Checker unbounded gas consumption

3.0.0 (1)

• ERC165Checker unbounded gas consumption

2.5.1 (1)

• ERC165Checker unbounded gas consumption

2.5.0 (1)

• ERC165Checker unbounded gas consumption

2.4.0 (1)

• ERC165Checker unbounded gas consumption

2.3.0 (1)

• ERC165Checker unbounded gas consumption

2.2.0 (1)

• ERC165Checker unbounded gas consumption

2.1.3 (1)

• ERC165Checker unbounded gas consumption

2.1.2 (1)

• ERC165Checker unbounded gas consumption

2.1.1 (1)

• ERC165Checker unbounded gas consumption

2.0.1 (1)

• ERC165Checker unbounded gas consumption

2.0.0 (1)

• ERC165Checker unbounded gas consumption

1.12.0 (0)

• none

1.11.0 (0)

• none

1.10.0 (0)

• none

1.9.1 (0)

• none

1.9.0 (0)

• none

1.8.0 (0)

• none

1.7.0 (0)

• none

1.6.0 (0)

• none

1.5.0 (0)

• none

1.4.0 (0)

• none

1.3.0 (0)

• none

1.2.0 (0)

• none

1.1.0 (0)

• none

1.0.7 (0)

• none

1.0.6 (0)

• none

1.0.5 (0)

• none

1.0.4 (0)

• none

1.0.3 (0)

• none

1.0.2 (0)

• none

1.0.1 (0)

• none

1.0.0 (0)

• none