TimelockController vulnerability in OpenZeppelin Contracts

OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

特权管理不恰当

OpenZepplin 安全漏洞

OpenZepplin是一个用于智能合约开发的库。 OpenZepplin 存在安全漏洞，该漏洞允许具有执行者角色的参与者提升权限。

N/A

N/A