漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenZeppelin Contracts initializer reentrancy may lead to double initialization
Vulnerability Description
OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
初始化不恰当
Vulnerability Title
OpenZeppelin 安全漏洞
Vulnerability Description
OpenZeppelin是一个应用软件。一个安全区块链应用的标准。 OpenZeppelin Contracts 3.2.0及之后版本至4.4.1之前版本存在安全漏洞,该漏洞源于为了支持多重继承而设置的异常打破了与合约创建分开调用的初始化函数单次执行的预期。
CVSS Information
N/A
Vulnerability Type
N/A