Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Vulnerability Description
ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对因果或异常条件的不恰当检查
Vulnerability Title
ink! 安全漏洞
Vulnerability Description
ink!是一个 eDSL,为基于 Substrate 框架构建的区块链编写智能合约。 ink! 4.0.0及之前版本存在安全漏洞,该漏洞源于使用DelegateCall时存储值的解码不正确。
CVSS Information
N/A
Vulnerability Type
N/A