Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Governor proposal creation may be blocked by frontrunning in OpenZeppelin
Vulnerability Description
OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
授权机制缺失
Vulnerability Title
OpenZeppelin 安全漏洞
Vulnerability Description
OpenZeppelin是一个应用软件。一个安全区块链应用的标准。 OpenZeppelin Contracts 4.3.0至4.9.1之前版本存在安全漏洞,该漏洞源于允许攻击者通过提前创建提案获得取消提案的能力。
CVSS Information
N/A
Vulnerability Type
N/A