漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
Duplicated execution of subcalls in OpenZeppelin Contracts
漏洞信息
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue.
漏洞信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
漏洞
控制流实现总是不正确
漏洞
OpenZeppelin 安全漏洞
漏洞信息
OpenZeppelin是一个应用软件。一个安全区块链应用的标准。 OpenZeppelin Contracts存在安全漏洞,该漏洞源于使用户无意中遭受重复操作,例如资产转移。
漏洞信息
N/A
漏洞
N/A